amz-cash-flow-forecaster-dd7
Fail
Audited by Snyk on May 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the full skill prompt for high-entropy literal values that would grant access.
Flagged item:
- The WhatsApp invite URL "https://chat.whatsapp.com/ILX65p1yWcaIG3c9WGHpTY" is a high-entropy literal that directly grants access to a private group. It functions like an access token and is therefore a usable credential in this context.
Ignored items (reasons):
- Numeric/example values (e.g., "8,000 USD", "4-day transit", "refund rate 8%") are low-entropy examples, not secrets.
- There are no API keys, bearer tokens, private key blocks, or other obvious credentials present.
- No documentation placeholders or redacted/truncated secrets were found.
Recommendation: remove or redact the invite link from public skill documentation, or replace it with a non-sensitive sign-up flow or placeholder.
Issues (1)
W008
HIGH: Secret detected in skill content (API keys, tokens, passwords).