nano-banana

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). Found one high-entropy, literal token: "skpi-c3kbyakremol9ukap585h4xd" used directly in the command line as --id. It is not an obvious placeholder (e.g., "sk-xxxx" or "YOUR_API_KEY") and looks like a real API/skill token. Per the protocol, high-entropy strings that are directly present and usable should be flagged.

Other tokens in the doc (the workflow path "c-fi0jawxn5au4gc4u34x642ko" in the URL and the expected RUN_ID format "we-xxx") appear to be workflow/identifier values or placeholders and are less likely to be secrets; they are not flagged.