find-cpa-firm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to locate/use a bearer token from environment or dotenv files and to run an OTP flow that returns a token which the agent is explicitly told to "show" and advise the user to save (and may embed in Authorization/export commands), which requires outputting secret token values verbatim.