warn-destructive-commands

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to display the full command text in its warning (AskUserQuestion), so if a command contains embedded API keys, tokens, or passwords the LLM will echo them verbatim, creating an exfiltration risk.