think

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to "open the project's actual config file ... and lift the live value" and to list every API key/token the plan requires, which requires including secret values verbatim in output — a direct exfiltration risk.