prompt-optimizer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's Rule 2 and "bake that content directly into the optimized prompt" plus the "no placeholders" rule mandate including any user-provided content verbatim in the returned prompt, so if a user supplies API keys, tokens, or passwords the agent will output them exactly, creating an exfiltration risk.