image-nano-banana

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly documents and examples using a --api-key KEY command-line argument and states to "use if user provided key in chat", which encourages asking for and embedding API keys verbatim in generated commands (even though an env var is supported), creating an exfiltration risk.