nano-banana-2

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly accepts and prioritizes a --api-key command-line argument and examples show passing an API key on the command line, which means an agent could be instructed to output or embed the secret verbatim in commands (exfiltration risk).