workspace-health-monitor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires ingesting and then reporting verbatim wording and file excerpts (e.g., "wording" of action items, file contents) from user workspace files, so if those files contain API keys, passwords, or tokens the agent may reproduce them in its output and exfiltrate secrets; the prompt includes no guidance to redact or avoid echoing secrets.