remember

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to "read the entire session" and extract/save the essential state to memory.md with no guidance to omit or redact credentials, so any secrets present in the session (API keys, tokens, passwords, cookies) could be captured and written out verbatim, creating an exfiltration risk.