workflow-env

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly requires the agent to "inspect" (e.g., cat) env.sh before sourcing it, which will expose any exported secret values to the LLM and could lead to them being output verbatim, so it poses a substantial exfiltration risk.