api-design-patterns

Fail

Audited by Snyk on May 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I found one high-entropy, literal credential: the API key example "X-API-Key: ak_live_a3f7c9b2d8e1f4g6h9". It has an "ak_live_" prefix and a long random-looking suffix with no truncation or placeholder markers, so it appears like a real, usable key and should be treated as a secret.

Other items were ignored:

  • "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." is truncated with "..." (redacted/truncated) — ignore.
  • "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" decodes to "username:password" (an obvious placeholder/example) — ignore.
  • Request IDs, ETags, idempotency keys (e.g., req_a3f7c9b2, a3f7c9b2-d8e1-...) and short tokens are examples/identifiers or low-entropy values used for documentation — ignore.
  • Other shown examples like "sk-live-24jds..." in the definition are illustrative/example patterns — ignore.

Issues (1)

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

Risk Level: HIGH
Analyzed: May 8, 2026, 05:16 PM
Issues: 1