square-post

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill asks the agent to prompt for, store, and use an X-Square-OpenAPI-Key (and includes a curl example with the header), which requires the LLM to accept and handle user API keys and could lead to embedding secret values verbatim in requests or stored files despite masking guidance.