tutor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The tutor explicitly reads uploaded materials and learner-profile files and instructs the agent to append user-provided snippets "verbatim" into persistent files and transcripts, which can cause the LLM to reproduce API keys/passwords or other secrets from uploads directly in its outputs (copy/paste risk).