setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to run a device-flow script that retrieves the API key and prints/appends it (echo/printf "$dr_api_key") and includes examples embedding keys in curl headers, so the agent must handle and would potentially output secret values verbatim—high exfiltration risk.