invoking-gemini

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs creating and reading files that contain API keys and includes explicit API-key-like examples (e.g., AIzaSy..., CF_API_TOKEN, GOOGLE_API_KEY.txt, proxy.env), which encourages embedding secret values in project files and could require the agent to handle or output those secrets verbatim, creating an exfiltration risk.