code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the reviewer to look for "hardcoded secrets, API keys, or credentials" and requires outputting file/line descriptions and code snippets without any redaction instruction, so the model may reproduce secret values verbatim in its findings or suggested fixes.