cursor-agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill runs an external CLI and explicitly instructs the agent to quote the CLI's verbatim response to the user (including file:line/code snippets from the workspace), so if that tool/output contains API keys, tokens, or passwords the LLM is required to reproduce them verbatim — even though the prompt itself doesn't ask for or embed secrets directly.