learn

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires echoing user-provided strings verbatim into CLI arguments and into the confirmation output, so if those strings contain API keys/passwords/cookies the LLM will include them in generated commands and responses, enabling secret exfiltration.