tuzi-short-video

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's Step 0 explicitly runs commands that echo and grep for TUZI_API_KEY in env files (e.g., echo "${TUZI_API_KEY:-not_set}"), which requires reading and potentially outputting the secret value verbatim, creating an exfiltration risk.