salvo-csrf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes hardcoded secret-like byte strings (e.g., 32-byte keys and a long session secret) and examples that embed them directly in code, which encourages the LLM to output secret values verbatim and is therefore insecure.