z-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs passing API keys as command-line arguments, writing them into config files, and embedding them directly in example code (e.g., --api-key, echo "API_KEY=ms-xxxxx", ZImageClient(api_key="ms-xxx")), which requires the model to handle or reproduce secret values verbatim.