postman-explore

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's MCP setup example instructs embedding the Postman API key directly in a command-line header ("Authorization: Bearer <YOUR_POSTMAN_API_KEY>"), which encourages the agent to handle and potentially emit secret values verbatim (an insecure pattern).