email-polisher

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires returning the user's original and rewritten email text verbatim (no redaction rules are given), so if a user pastes API keys, passwords, or tokens in their draft the model would reproduce them in output—creating an exfiltration risk.