commandbox-config-settings

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes examples that place API tokens and passwords directly in commands, config.set calls, JVM -D flags, and env var exports (e.g., endpoints.forgebox.APIToken, proxy.password, box_config_*), which would require an agent to embed secret values verbatim when applying those examples and thus creates an exfiltration risk.