background-removal

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt supports secure env-var usage but also accepts an --api-key flag and includes Authorization header examples that imply inserting the raw API key into generated curl commands, so the LLM may be required to output secret values verbatim (exfiltration risk).