brief-the-implementer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to output a verbatim, paste-ready briefing and pipe it into a shell heredoc (and also show it inline), so any secrets present in the discussion would be reproduced exactly and exposed in the assistant's output and the clipboard command, creating an exfiltration risk.