audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires scanning diffs and producing findings and code/doc excerpts for secrets (API keys, tokens, passwords, .env files) but gives no instruction to redact them, so the agent is likely to include secret values verbatim in its reports.