guidance

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that pass API keys directly as parameters (e.g., api_key="your-api-key"), which encourages embedding secret values verbatim in generated code/commands and therefore creates an exfiltration risk.