nano-banana-pro-openrouter

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read API keys (from .env or user chat) and explicitly pass them as a --api-key command-line argument or include them in commands, which requires outputting secret values verbatim and is high-risk exfiltration behavior.