bkmrk

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill must capture and emit the user's provided content verbatim (via the Write tool to a filesystem path), so if a user supplies API keys, tokens, or passwords the model will be required to include those secret values verbatim in its generated output, creating an exfiltration risk.