reflect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs the agent to read and persist full session messages (via a SQL query or in-context history) and write suggested skill updates without any redaction rules, so if messages contain API keys/passwords the agent may include them verbatim in generated skill files—creating an exfiltration risk.