nano-banana-2-direct-direct

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly supports and instructs using a --api-key argument (and says "use if user provided key in chat"), which encourages the agent to accept and embed API keys verbatim into generated commands, creating an exfiltration risk.