aiconfig-projects

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to detect or ask for API tokens and shows embedding them directly into commands/code (e.g., curl -H "Authorization: {api_token}" and set_config(Config("{sdk_key}"))), which requires the LLM to handle and potentially output secret values verbatim, creating exfiltration risk.