stream-swift

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to collect API keys and user tokens and "use it (and the API key) in every code snippet
• no placeholder strings," which forces the LLM to include secrets verbatim in generated outputs/commands, creating a direct exfiltration risk.