think

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to "open the project's actual config file and lift the live value" and to list "every API key, token" required, which forces including secret values verbatim in plans/outputs and therefore creates a high exfiltration risk.