codemermaid

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt mandates copying exact, unmodified source files and embedding verbatim code snippets and absolute file paths into generated HTML (including config/entry files), so if the repository contains API keys, tokens, or other secrets those values would be included in the agent's output — creating a real exfiltration risk.