run-evals

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt mainly uses secure env-var and CLI setup patterns, but it also shows and instructs embedding API keys directly (e.g., git clone "https://user:YOUR_API_KEY@") and includes an API key placeholder (sk_ze_...) which encourages or could lead an agent to output secrets verbatim, so it poses a notable exfiltration risk.