conversation-logging

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The hook logs entire user prompts, tool outputs, file content previews, and Claude response excerpts verbatim into unencrypted files, so any API keys, tokens, or passwords that appear in prompts, files, or command output will be captured and persisted—creating a high exfiltration risk.