context-surfing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill repeatedly requires quoting files and session logs "verbatim" into pre-commit checks and handoff outputs (pulling directly from Entire CLI logs and artifacts), which would force the LLM to reproduce any secret values present in those artifacts into its output.