infisical

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly tells the user/agent to replace placeholders with real INFISICAL_CLIENT_ID and INFISICAL_CLIENT_SECRET and write them into /tmp/infisical_login.json (and then use them to obtain/use a Bearer token), which encourages embedding secrets into files/commands and therefore risks secretexfiltration.