writing-beats

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill asks the agent to pull text from a user-supplied markdown "raw pile" and to quote or paste that material into an article file verbatim (and to re-read/write files), which can cause secrets present in the raw input to be reproduced and written out without any redaction—i.e., it enables direct exfiltration of API keys/passwords if they appear in the input.