online-evals

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that place API tokens directly into Authorization headers and instructs the agent to prompt the user for an API token if it cannot be detected, which requires the LLM to receive and potentially emit secret values verbatim (exfiltration risk).