obsidian

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that embed API keys/tokens in commands and code (e.g., curl -H "Authorization: Bearer YOUR_API_KEY" and a Python client that inserts api_key into headers), which instructs the agent to place secret values verbatim into outputs/requests, creating an exfiltration risk.