shopify-content

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes example curl/GraphQL requests with an Admin API access token header (X-Shopify-Access-Token: {token}) and expects the agent to call the Admin API, which implies replacing placeholders with real tokens and thus outputting secrets verbatim.