render-monitor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt repeatedly instructs replacing placeholders with the user's Render API key (including examples that embed "Authorization: Bearer <YOUR_API_KEY>" in configs/commands) and tells the agent to "always use their API key," which encourages asking for and inserting secrets verbatim into outputs/commands, creating an exfiltration risk.