app-icon

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the user for their OpenAI API key and instructs configuring it via a command that embeds the key verbatim (snapai config --api-key ), which requires the agent to handle and output the secret directly, creating an exfiltration risk.