ask

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill embeds user-supplied arguments verbatim into local CLI commands and saves the "final prompt" and raw CLI output to an artifact, so if those arguments (or CLI responses) contain API keys, tokens, or passwords they will be recorded and output unchanged, creating an exfiltration risk.