What is Hardcoded Credentials?

Definition

Security vulnerability where database credentials, API keys, or other sensitive authentication material are embedded directly in agent skill files or configuration code rather than being stored in secure vaults or environment variables. Creates critical attack surface when agents are deployed or shared.

Examples in the Wild

Example 1:15% of AI agent skill files contain hardcoded DB credentials with write access
Example 2:Credentials embedded in skill definitions expose database access to attackers