1. Bundled Skills Vulnerability Exposes Seven API Credentials in Plaintext via Process Memory Access
A critical security flaw in Bundled Skills, a component used by AI coding agents, has exposed seven API credentials—including keys for OpenAI, Notion, Google, and other services—in plaintext through environment variables and configuration files. The vulnerability carries a CVSS score of 7.5 (High), classified under CWE...