authkit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The guide repeatedly shows putting the PICA secret (PICA_SECRET_KEY / YOUR_PICA_SECRET_KEY) directly into headers and code examples, which encourages embedding secret values verbatim in outputs and poses an exfiltration risk.