glm-design-to-code-trial

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste their Z.ai API key and then instructs the agent to inject that exact key into shell commands, .env files, and Authorization headers (even showing placeholders to replace with the actual key), which requires handling/outputting the secret verbatim.