think

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to open project config files and "lift the live value" and to list every API key/token the plan requires, which forces reading and potentially outputting secrets verbatim and therefore creates a high exfiltration risk.