Skillv1.2.0

Static analysis security

Portable Tools · Deterministic local checks for risky code patterns and metadata mismatches.

ReviewApr 30, 2026, 4:54 AM

Summary: Detected: suspicious.exposed_secret_literal, suspicious.generated_source_template_injection
Reason codes: suspicious.exposed_secret_literalsuspicious.generated_source_template_injection
Engine: v2.4.5

criticalSKILL.md:51

Documentation appears to expose a hardcoded API secret or token.

suspicious.exposed_secret_literal

criticalSKILL.md:132

User-controlled placeholder is embedded directly into generated source code.

suspicious.generated_source_template_injection