converting-commands-to-skills

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill instructs the agent to read command files and copy or transform their contents (including "copy content as-is" for BASIC and rewrite/expose bash commands for FULL), so any embedded API keys, tokens, or passwords in those files would be included verbatim in generated SKILL.md outputs, enabling secret exfiltration.