publish-zsxq-article

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill reads the user's Markdown file and requires embedding the file's full content verbatim into a generated evaluate_script (JS string) for the paste event, so any secrets inside the file would be included in the LLM's output and risk exfiltration.