patent-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to input and persist the KIPRIS_API_KEY (to moai-credentials.env) and then uses that key in WebFetch REST API calls (ServiceKey), which requires the agent to handle and potentially include the secret verbatim in requests/commands, creating an exfiltration risk.