| name | secret-with-asset-leak-skill |
| description | A skill where a real high-entropy secret shares a line with an allowlisted asset reference, which must not suppress detection. |
| version | 1.0.0 |
secret-with-asset-leak-skill
A real secret appears on the SAME line as an allowlisted asset filename and an
allowlisted data-URI. A line-scoped allowlist would wrongly suppress the secret;
a per-token allowlist must still catch it.
Lines mixing a secret with an asset
API_BLOB=PLACEHOLDER_REPLACED_AT_RUNTIME see logo.png for the icon
TOKEN_BLOB=PLACEHOLDER_REPLACED_AT_RUNTIME data:image/png;base64,iVBORw0KGgo