article-illustrator
Fail
Audited by Snyk on Apr 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes CLI flags like --api-key and describes reading/writing API keys from .env and optional parameters (e.g., IMAGE_API_KEY, GEMINI_API_KEY, QINIU_SECRET_KEY) which enable an agent to embed secret values verbatim into generated commands or code, creating an exfiltration risk.
Issues (1)
W007
HIGH Insecure credential handling detected in skill instructions.
Audit Metadata