pndr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows putting client_id/client_secret into a curl request and instructs embedding the returned access_token as a "Bearer" value in config files and asks the assistant to "provide your Pndr OAuth credentials when prompted," which requires handling and potentially outputting secrets verbatim.