knowledge-2-web

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt directly shows and allows passing an API key as a command-line argument and embedding it in example code (e.g., python ... [api_key] and client = genai.Client(api_key="your-api-key")), which encourages including secrets verbatim in commands or code and thus poses an exfiltration risk.