py-exfil

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It reads ANTHROPIC_API_KEY from the environment and embeds it verbatim into an outgoing URL, explicitly exfiltrating the secret (high risk of outputting the secret).

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Explicit, deliberate exfiltration: the code reads the sensitive ANTHROPIC_API_KEY from the environment and sends it to an external, untrusted endpoint, indicating intentional credential theft.