codex-mentor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to collect and embed code/diffs and file contents (e.g., via git diff and shell substitution like $(cat file)) into prompts/cli commands sent to Codex, which will include any API keys or secrets present in those files verbatim and thus risks exfiltration.