supermemory

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit API key value and instructs storing user secrets (e.g., "My API key is xyz") via command arguments, which requires the LLM to handle and potentially output secret values verbatim.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The setup block contains a literal, high-entropy API key assigned to SUPERMEMORY_API_KEY (a long random-looking string starting with "sm_..."). This matches the definition of an actual API key and is not a placeholder, truncated value, or simple example. Other strings in the doc (e.g., "xyz" in example lines) are low-entropy placeholders and are ignored per the policy.