api-design

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes literal bearer/token examples (e.g., "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." and "X-API-Key: sk_live_abc123"), which are secret-like strings and encourage or permit the model to emit credentials verbatim, creating exfiltration risk.