convert

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks users to supply API Key, Secret, and Passphrase (via a file) and requires those credentials to be sent as headers and used for HMAC signing for API requests, which forces the agent to read and embed secret values verbatim in generated requests unless an external executor handles them — creating an exfiltration risk.