gemini-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to insert the API key verbatim into curl headers (and may ask the user for keys to embed), requiring the LLM to handle and emit secrets directly, creating exfiltration risk.