manifest

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to paste a Manifest API key (mnfst_...) and then instructs replacing USER_API_KEY with that exact key in generated configuration commands, forcing the LLM to receive and emit the secret verbatim (exfiltration risk).