rowan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains multiple examples that set API keys inline and explicitly print or return webhook secrets (e.g., rowan.api_key = "your_api_key_here", print(f"Your webhook secret: {secret.secret}")), which instructs embedding secret values verbatim in code/output and therefore creates an exfiltration risk.