stats

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to output/read $LABNOCTURNE_API_KEY (via echo or by fetching a test key) and to embed that API key verbatim in a curl Authorization header, causing secrets to appear in generated commands and outputs.