third-party-detector

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly includes raw signal values (script URLs, DNS TXT records, JS globals, CSP domains) in its output, which can contain API keys or verification tokens, so the LLM may be required to output secret values verbatim.