sanity-check

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read the .env file for required tokens and shows Authorization headers (Bearer $TOKEN) for API calls, which requires the agent to access and use secret values (and could lead to embedding them verbatim), so it poses a direct secret-handling/exfiltration risk.