infographic-v2

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste their Gemini API key ("I have a key ready") and describes saving it to .env / guiding setup, which would require the LLM to accept and likely echo or embed the secret value verbatim in its output (high exfiltration risk).