gcp-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to inspect and include "specific configuration or code snippet" evidence from IaC and gcloud outputs (including service account keys, API keys, or other credentials) without guidance to redact, which can force the LLM to emit secret values verbatim.