generate-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the agent to collect and persist user API keys and to include them in API request headers (e.g., Authorization: Bearer and x-goog-api-key), which requires the LLM to handle and potentially output secret values verbatim.