backend-dev

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires passing API keys via an api_key= parameter (and the checklist/enforcer lines and example show embedding settings.LLM_API_KEY), which forces the agent to include secret values in generated code/requests rather than keeping them only in secure environment handling, creating a high exfiltration risk.