polyhub_account

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the user to "Send me the generated key" and includes curl examples that embed the API key into requests (even if via an env var), meaning the LLM may receive and be asked to use or reproduce the secret in generated commands—creating an exfiltration risk.