bingx-spot-ws-account

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document includes a high-entropy, literal token in the example response: {"listenKey": "a8ea75681542e66f1a50a1616dd06ed77dab61baa0c296bca03a9b13ee5f2dd7"}. This value is long, random-looking (hex), and is used as a Listen Key to authenticate WebSocket account streams—i.e., a usable credential if valid—so it meets the definition of a secret and should be flagged.

Ignored items and why:

  • Placeholders like <your-api-key>, API_KEY, SECRET_KEY are documentation placeholders (not flagged).
  • Header constant "X-SOURCE-KEY: BX-AI-SKILL" is not a secret.
  • No private keys or other high-entropy secrets appear elsewhere in the prompt.

Issues (1)

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 02:37 PM
Issues: 1