actionize

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for a Telegram bot token/chat ID and to embed those values directly into shell commands, .env writes, and curl requests (e.g., "TOKEN={user-provided-token}" and curl "https://api.telegram.org/bot${TOKEN}/..."), which requires the LLM to receive and output secrets verbatim, creating an exfiltration risk.