api-design-patterns

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes literal API-key and token examples (e.g., "sk_live_abc123", a Bearer JWT) and even shows embedding keys in headers and query strings (including a comment "allow-secret"), which encourages outputting secret values verbatim or instructing insecure handling.