infographic

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste their Gemini API key and shows shell commands that insert that exact key verbatim into .env (e.g., sed with [user-provided-key]), which requires the LLM to handle and embed secrets directly in its outputs/commands, creating an exfiltration risk.