threads-post

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and instructs placing API keys directly into config files and curl headers (e.g., "Authorization: Bearer YOUR_API_KEY" and "x-publora-key: sk_your_api_key"), which requires the agent to include secret values verbatim in generated commands/configs, creating an exfiltration risk.