windowsfy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read, display, and produce edits/diffs of package.json script values and to emit concrete command/script strings (e.g., cross-env KEY=val, cmd /C "set KEY=val …"), so if those scripts contain inline API keys or passwords the agent would need to reproduce them verbatim in its output — the prompt does not require or specify redaction.