write-engineering-lessons-article

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates verbatim appendix excerpts (byte-for-byte code and git SHAs) and only relies on optional user-supplied sanitization, so if commits/files contain API keys, tokens, or passwords the LLM would need to reproduce them verbatim—posing an exfiltration risk.