see

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read or ask for the user's API key and to place it directly into Authorization headers or query parameters in generated curl commands (e.g., "Authorization: Bearer $SEE_API_KEY" / "signature=YOUR_API_KEY"), which requires the LLM to handle and emit secret values verbatim.