social-post

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows placing a bearer API key directly into a local JSON config (Authorization: "Bearer YOUR_API_KEY") and requires obtaining an API key, which encourages the agent to accept and embed the user's secret verbatim into configuration or output, creating an exfiltration risk.