assets

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly requires users to provide API Key, API Secret, and Passphrase (even via a user-sent file) so the agent must read and use those secrets to sign and send authenticated requests, creating a high risk the LLM will handle or embed secret values verbatim in generated requests/commands unless a secure tool integration is enforced.