dflow-kalshi-market-data

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user for a DFlow API key and to use x-api-key on every REST request and WS upgrade (and to generate scripts that incorporate that key), which forces the LLM to handle and potentially emit the secret verbatim in commands/code — an exfiltration risk.