chanjing-avatar

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a hard-coded secret_key value that the agent is expected to place verbatim in the access_token request, which forces the LLM to handle and output a secret directly.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I flagged literal, high-entropy values that look like real credentials rather than placeholders or simple example passwords.

Detected secrets:

• "secret_key": "10cd5091fe6042dfb91ba01816a991e0" — 32 hex chars, high entropy and provided in a hard-coded request body (likely an API secret).
• "access_token": "1208CuZcV1Vlzj8MxqbO0kd1Wcl4yxwoHl6pYIzvAGoP3DpwmCCa73zmgR5NCrNu" — long, random-looking token in the response example (appears usable as an access token).

Ignored / not flagged:

• "app_id": "84042cb5" — short identifier, not a secret (app IDs are typically public).
• Various IDs like video/file IDs ("e284db4d95de4220afe78132158156b5", "9499ed79995c4bdb95f0d66ca84419fd") and audio_man_id ("C-f2429d07554749839849497589199916") — these are resource/voice identifiers, not credentials.
• Examples and explanatory strings (URLs, numeric codes, callback examples) — do not provide access by themselves.

If these hard-coded values are truly example placeholders, they should be redacted. Otherwise they represent exposed secrets and should be rotated and removed from documentation.