microsoft-365-agents-toolkit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to ask users for real secret values (e.g., AZURE_OPENAI_API_KEY, endpoints, deployment names) and to resolve and reuse those values in config/workflows, which can require embedding them verbatim in commands or generated config — creating an exfiltration risk.