image-stats

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly directs the agent to echo or extract an API key and then embed it verbatim in a curl Authorization header (and to tell the user any generated test key), which requires the LLM to handle and output secret values directly.