doubleword

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple examples that embed API keys and Bearer tokens directly in code/commands (e.g., api_key="YOUR_API_KEY", Authorization: Bearer YOUR_API_KEY, and dw login --api-key), which instructs replacing placeholders with real secrets and thus encourages verbatim handling of secrets.