Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The skill explicitly instructs use of a `service_key` bearer token for an admin SQL endpoint but does not warn that this credential is highly privileged and must be kept secret. In agentic contexts, examples are often copied directly, so normalizing exposure or casual handling of admin credentials materially increases the risk of credential leakage and full project compromise.
