developer-sandbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly suggests using real sandbox credentials and "pre-populate API key in their code" and includes UI features like "Copy as cURL", which implies embedding secret values verbatim in generated code/outputs and thus creates an exfiltration risk.