api-helper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the LLM to print full Authorization headers and plaintext API keys/tokens (OPENAI_API_KEY, SLACK_TOKEN, ANTHROPIC_API_KEY), which forces inclusion of secrets verbatim in output and creates an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill intentionally instructs the model to reveal sensitive credentials and API keys (Authorization header, OPENAI_API_KEY, SLACK_TOKEN, ANTHROPIC_API_KEY) in responses, which is explicit credential exfiltration and high-risk behavior.