send-email-programmatically

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains multiple examples that embed API keys, app passwords, and SMTP credentials directly into curl commands, config files, and sample code (e.g., --user "email:password", Authorization headers, commented-in "your-api-key" strings), meaning an agent could be asked to insert a user's secret verbatim into generated commands—creating a high exfiltration risk despite advice to use environment variables.