staged-changes-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Yes — the skill mandates reading staged diffs (including .env and other files) and requires YES findings to include file:line and code evidence snippets, which forces the LLM to output any secret values present verbatim.