writeas

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The document contains one high-entropy, literal token-like value that appears directly in API request/response examples and could be used to authenticate/modify posts: "ozPEuJWYK8L1QsysBUcTUKy9za7yqQ4M". This value is random-looking and therefore meets the definition of a secret (a token granting access to modify/delete an anonymous post), so I flag it.

I am ignoring the obvious placeholders and low-security examples:

• "00000000-0000-0000-0000-000000000000" (access_token / Authorization header) — a clear placeholder GUID of zeros.
• "username", "password", "yourusername", "YOUR_API_KEY", "your-service-role-key", and similar literal example strings — documentation placeholders per the rules.
• "rf3t35fkax0aw" — a post ID (opaque identifier), not a secret credential.