skills-workflow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The workflow explicitly substitutes prior outputs into step inputs ({{input}}) and invokes skills or simulates them without enforcing redaction before calling, so any user-provided API keys or secrets would be propagated verbatim between steps (trace redaction applies only to logs), creating a high exfiltration risk.