critical
suspicious.exposed_secret_literal
- Location
- SECURITY.md:37
- Finding
- File appears to expose a hardcoded API secret or token.
expert-writing-asmcp
AdvisoryAudited by Static analysis on May 11, 2026.
Overview
Detected: suspicious.exposed_secret_literal, suspicious.generated_source_template_injection
Findings (2)
critical
suspicious.generated_source_template_injection
- Location
- SKILL.md:592
- Finding
- User-controlled placeholder is embedded directly into generated source code.