revision-external-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires using a Bearer API key for all requests and instructs the user must provide an API key (and shows Authorization headers like Authorization: Bearer <api-key> / Bearer $API_KEY), which can encourage the agent to request and embed secret tokens verbatim in generated curl commands or code (exfiltration risk), even though placeholders/env-var usage is shown.