obsidian

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes curl examples that pass an Authorization: Bearer token directly in an HTTP header (Authorization: Bearer KEY), which is an instruction pattern that would require embedding secret API keys verbatim into commands/outputs and therefore poses an exfiltration risk.