gsd-orchestrator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly supports pre-supplying secrets via an answers JSON (a "secrets" map injected into the child process environment) which requires the agent to read and emit secret values verbatim (e.g., write answers.json or include them in generated output), creating an exfiltration risk.