nopal-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users to paste OAuth Client ID/Client Secret into the terminal and to run gws auth export --unmasked to create a plain credentials JSON, which causes secret values to exist in plaintext files/outputs that an LLM or its tooling would need to read verbatim — an explicit secret-exfiltration risk.