clarify-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt shows and requires including API keys, access tokens, and client_secrets in request headers/bodies (even if shown as placeholders), so an agent generating concrete curl/HTTP requests or code would need to insert secret values verbatim, creating an exfiltration risk.