prompt-validate

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned the Skill content for literal credentials. The eval example (id 3) contains the string "API_KEY=sk-prod-9f2a1b3c4d5e6f7a8b9c0d1e2f3a4b5c" — a high-entropy, API-key–formatted value that appears to be a real credential rather than a placeholder. It is not a generic placeholder (e.g., "YOUR_API_KEY" or "sk-xxxx") and meets the definition of a secret, so it must be treated as sensitive and redacted. No other high-entropy keys, tokens, or private key blocks were found. Simple example words or policy placeholders were ignored per the rules.