security-best-practices

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit hardcoded-looking API key literal ("sk_live_abc123xyz789") and code examples that show embedding tokens into requests/headers, which forces or encourages verbatim secret inclusion and thus creates exfiltration risk.