wispbit-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires embedding the session secret (${CLAUDE_SESSION_ID}) directly into CLI commands (e.g., --claude-session-id ${CLAUDE_SESSION_ID}), forcing the model to handle/output a sensitive session token verbatim, which is an exfiltration risk.