article-batch-illustration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that pass API keys as explicit command-line arguments (e.g., --api-key "GEMINI_API_KEY") and shows a placeholder REMOVED_GEMINI_KEY rather than enforcing use of env files/CLIs, which encourages embedding secrets verbatim in generated commands—an exfiltration risk.