mcp-api-key-auth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding API keys directly into headers and curl/config examples (e.g., Authorization: Bearer sk-...), which would require the agent to accept or output user API keys verbatim into commands or configs, creating an exfiltration risk.