nano-banana-pro

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly instructs embedding API keys directly into commands and code (e.g., --api-key flags, client api_key="YOUR_KEY", export GEMINI_API_KEY="your-key", and even an "AIzaSy..." example), which requires the LLM to include secret values verbatim and thus is insecure.