tianqin-data

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt offers a secure env-var option but also explicitly shows and documents passing the API key directly on the command line (--api-key "your_api_key_here"), which can require the LLM to emit secret values verbatim and thus poses a substantial exfiltration risk.