openrouter

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that set api_key/openai_api_key as literal string parameters and constructs Authorization headers with Bearer {api_key}, which encourages embedding secret values verbatim in generated code or commands (high exfiltration risk).