hardcoded-secrets-anti-pattern
Installation
SKILL.md
Hardcoded Secrets Anti-Pattern
Severity: Critical
Summary
Hardcoded secrets embed sensitive credentials (API keys, passwords, database credentials) directly in source code. Anyone with code access—developers, version control history, or attackers—can extract these secrets. AI models frequently generate hardcoded secrets, trained on public code with this common bad practice. Secrets committed to public repositories are discovered and exploited by automated bots within minutes.
The Anti-Pattern
Never store secrets, credentials, or sensitive configuration values in files tracked by version control.
BAD Code Example
# VULNERABLE: Hardcoded API keys and database credentials in the source code.
import requests
import psycopg2