webnovel-query

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read and include the contents of project files (e.g., cat "$PROJECT_ROOT/.webnovel/state.json" and include matched content with file paths and line numbers), which would force the LLM to output any secret values present there verbatim, creating an exfiltration risk.