setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks users to paste API tokens and instructs the agent to embed those tokens verbatim in config JSON and curl test commands (and to write them via a tool), so the LLM would receive and output secrets directly, creating an exfiltration risk.