spice-cloud-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed secret values verbatim (e.g., curl -d '{"value":"sk-..."}', literal "secret123", and a helper script add-secret that takes the secret as a CLI argument), which would require the agent to handle or output secrets directly and allows exfiltration risk.