checklist

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to read the conversation and "preserve the original text exactly" when writing a checklist file, so any API keys, tokens, or passwords present in the conversation would be copied verbatim into the output/file, causing secret exfiltration risk.