heartwood-auth

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill prompt includes an explicit example client secret value and instructs pasting it into a deployment command (wrangler secret put), meaning an agent might be asked to reproduce or embed secret values verbatim — an exfiltration risk.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the full skill prompt for high-entropy, literal values that could be used as credentials.
  • I flagged the base64 string "YKzJChC3RPjZvd1f/OD5zUGAvcouOTXG7maQP1ernCg=" because it appears twice: once as the example output of openssl rand -base64 32 and again as the value to "Paste:" when setting the secret with wrangler secret put. This is a high-entropy, random-looking secret and is directly present in the documentation, so it qualifies as a leaked credential.
  • I ignored other items as non-secrets per the rules: placeholders like "YOUR_SECRET", "your-client-id", environment variable names (HEARTWOOD_CLIENT_SECRET), simple/example passwords, truncated strings, and other documentation examples. No private key blocks (PEM) or API key prefixes (sk-live...) were present.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 26, 2026, 07:26 AM