salvo-flash

Fail

Audited by Snyk on Apr 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The sample contains a literal session key passed to SessionHandler::builder:

b"secretabsecretabsecretabsecretabsecretabsecretabsecretabsecretab"

This is a hardcoded credential (session/secret key) present in the code sample. Although the value is repetitive and not high-entropy, it is an actual literal secret that could be copied into real deployments and thus should be treated as a leaked credential. It is not a generic placeholder like "YOUR_API_KEY" nor a trivial setup password; it is used as an explicit session secret in the example.

Issues (1)

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 13, 2026, 06:49 AM
Issues: 1