slack

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I flagged one high-entropy token-like value. The CLI invocation includes the literal "skpi-zktzbpe4r5cz4cq6opst7yl6" passed to refly as --id. This is not a documented placeholder (it is not "YOUR_API_KEY", "sk-xxxx", truncated, or labeled as an example) and appears to be a random-looking, usable identifier/API token. No other values in the prompt meet the secret criteria (example channel names, message content, workflow URLs/IDs, and JSON field names are documentation/example data and not high-entropy credentials).