pachca-chats

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly requires an Authorization Bearer token and tells the agent to ask the user if the token is unknown, and the examples show inserting that token into Authorization headers (e.g., curl -H "Authorization: Bearer $TOKEN"), which can cause the LLM to receive and embed secret values verbatim in requests/outputs.