deepread-invoice

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes hard-coded/example API keys with a realistic "sk_live_..." prefix and shows embedding the key directly in code (API_KEY = "sk_live_YOUR_KEY") and in curl headers, which encourages the agent to handle or emit secret values verbatim rather than keeping them only in protected env vars.