doc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to read project code and "show actual code from the project" and generate concrete code examples, so if secrets (API keys, tokens, passwords) are present inline in the source it may be required to include them verbatim and there is no guidance to redact or use environment variables.