feat(action): Hardcoded Secret

Author: RubenHalman

packages/action/README.md

@@ -153,20 +153,27 @@ Executing DML operations (insert, update, delete) inside a loop is a high-risk a
 **Class Name:** _[DMLStatementInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/DMLStatementInLoop.ts)_
 **Severity:** 🔴 *Error*
 
-#### Hardcoded Id
+#### Hardcoded Salesforce Id
 Avoid hard-coding record IDs, as they are unique to a specific org and will not work in other environments. Instead, store IDs in variables—such as merge-field URL parameters or a **Get Records** element—to make the Flow portable, maintainable, and flexible.
 
 **Rule ID:** `hardcoded-id`
 **Class Name:** _[HardcodedId](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedId.ts)_
 **Severity:** 🔴 *Error*
 
-#### Hardcoded Url
+#### Hardcoded Salesforce Url
 Avoid hard-coding URLs, as they may change between environments or over time. Instead, store URLs in variables or custom settings to make the Flow adaptable, maintainable, and environment-independent.
 
 **Rule ID:** `hardcoded-url`
 **Class Name:** _[HardcodedUrl](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedUrl.ts)_
 **Severity:** 🔴 *Error*
 
+#### Hardcoded Secret ![Beta](https://img.shields.io/badge/status-beta-yellow)
+Avoid hardcoding secrets, API keys, tokens, or credentials in Flows. These should be stored securely in Named Credentials, Custom Settings, Custom Metadata, or external secret management systems.
+
+**Rule ID:** `hardcoded-secret`
+**Class Name:** _[HardcodedSecret](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedSecret.ts)_
+**Severity:** 🔴 *Error*
+
 #### Process Builder
 Process Builder is retired. Continuing to use it increases maintenance overhead and risks future compatibility issues. Migrating automation to Flow reduces risk and improves maintainability.