worldlabs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly asks the user to paste their World Labs API key and shows usage patterns that embed that key verbatim (WORLDLABS_API_KEY= and .env entries / inline CLI), meaning the agent would accept and handle secrets in conversation or include them in generated commands—an exfiltration risk.