insecure-defaults

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs detection of hardcoded API keys/tokens and patterns (and includes examples), which implies the agent will inspect code and likely reproduce any discovered secret strings verbatim in its findings unless redaction is required — creating an exfiltration risk.