spot-companies-and-people-with-active-pain-points

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill avoids exposing long-lived API keys by using signup.sh and api.sh that read/write .env, but it explicitly instructs the agent to accept a user verification code and include it verbatim in a command-line call (bash "$SIGNUP" verify "<user_email>" ""), which requires the LLM to handle/output a secret value and matches insecure CLI-argument patterns.