langfuse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt's examples explicitly show embedding credentials like public_key="pk-..." and secret_key="sk-..." directly in client initialization and callbacks, which encourages collecting and outputting raw API keys/secrets verbatim in generated code or commands, creating an exfiltration risk.