microsoft-agent-framework

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes code examples that place API keys and tokens as string literals (e.g., new OpenAIClient(""), new GoogleAI("") and explicit bearer token usage), which instructs embedding secrets verbatim into generated code/commands and thus creates a high exfiltration risk.