elasticsearch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users/agents to export or include a user-provided ES_API_KEY (and shows example assignments) and to embed that variable into curl commands, which encourages the agent to accept and emit API keys verbatim (e.g., export ES_API_KEY="..."), creating secret-exfiltration risk.