project-onboarding

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read the first line of text files in the project folder and include those lines as descriptions in generated outputs (context.md / file map), which can cause any secrets present in files (e.g., .env, config, keys) to be output verbatim and thus exfiltrated.