create-spec

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires capturing "ALL technical details" (including env vars, CLI commands, API endpoints) from the planning conversation into task files, which forces the model to include secret values verbatim if they appear in the conversation, creating an exfiltration risk.