android

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding an API key value into HTTP headers and JSON configs (e.g., Authorization: Bearer $GOOGLE_API_KEY and {"apiKey":"$GOOGLE_API_KEY"}), which requires the agent to place secret values verbatim into requests/config files and thus risks secret exfiltration.