nv-context

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to read config/CI/scripts and "extract exact commands with FULL FLAGS" and to read files like settings.local.json and hooks, so if secrets or API keys are present there the agent is expected to include them verbatim in its outputs — creating an exfiltration risk.