mobile-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit hardcoded API keys/tokens in unsafe example snippets and instructs the skill to generate/record UNSAFE patterns (code snippets and locations), which encourages outputting secrets verbatim and therefore creates an exfiltration risk.