epa-enviro

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's contingency flow tells the agent to read an API key from a file or env var and explicitly instructs "pass as query parameter ?api_key=" (and shows shell code to set KEY), which encourages embedding secret values verbatim into generated commands/URLs and thus creates an exfiltration risk.