launch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the user to paste an OpenRouter API key (or reuse a cached one) and then injects that key verbatim into a deploy command flag (--ai-key "{openRouterKey}"), which forces the LLM to handle and output the secret directly.