obsidian

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill includes explicit examples that embed API keys in Authorization headers and curl commands (and Python code that inserts an api_key into requests), which requires the agent to place secret values verbatim into generated commands/requests and thus creates an exfiltration risk.