api-design

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains numerous concrete examples that embed API keys, bearer tokens, webhook secrets, and curl commands with Authorization headers/query params, which encourages including secrets verbatim in generated commands or code and could lead the agent to request or echo user-provided credentials.