tuzi-image-gen

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to run commands that echo/grep environment variables and .env files (e.g., echo "${TUZI_API_KEY:-not_set}" and grep ...), which will reveal API key values verbatim in output, forcing the LLM to handle and potentially expose secrets.