api-designer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes concrete, secret-like examples (e.g., "sk_live_abcdef1234567890", Bearer token examples, webhook secrets) and shows embedding keys/tokens directly in headers/requests, which encourages the LLM to output secret values verbatim even though it doesn't explicitly require user-supplied secrets.