portaly-user

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user to paste their PORTALY_API_KEY (and other secrets), save them to env files, and shows commands that inline the API key (e.g. PORTALY_API_KEY=pcs_live_xxx node ...), which requires the LLM to receive and potentially echo secret values verbatim — an exfiltration risk.