x-post

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit examples and config that embed API keys in headers and curl commands (e.g., "Authorization: Bearer YOUR_API_KEY" and "x-publora-key: sk_your_api_key"), which would require an agent to insert or echo secret values verbatim if followed, creating an exfiltration risk.