gemini-image

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill tells the agent to read config/secrets.md to obtain an API key and shows a curl example that embeds the Authorization: Bearer API_KEY header, which requires the LLM to insert the secret verbatim into an outgoing command (high exfiltration risk).