api-provider-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs inserting API keys into config files and shows curl/header examples that embed API keys (e.g., "apiKey": "sk-your-api-key", Authorization: Bearer YOUR_API_KEY), which would require the agent to accept and output secrets verbatim.