payram-analytics

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to call APIs directly using a JWT Bearer token and to include an Authorization: Bearer <ACCESS_TOKEN> header (and even to use curl/fetch with the token), which requires embedding secret token values verbatim in generated requests/commands and thus poses a direct exfiltration risk.