distill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts and returns raw bash calls and tool results (and even instructs subagents to "return the JSON output verbatim"), which can include Authorization headers, API tokens, or other secrets from session JSONL, so the LLM may be required to output secrets verbatim.