engagelab-sms

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for their dev_key and dev_secret and to include them verbatim in Authorization headers or generated API calls (e.g., base64("dev_key:dev_secret") in curl), which requires the LLM to handle and output secret values directly.