xray-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and encourages passing client secrets and tokens as command-line flags (e.g., --client-secret, --jira-token) and even includes concrete example secret-like values, which means an agent would be expected to accept and emit secret values verbatim in generated commands—an exfiltration risk.