security-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs the reviewer to "show the vulnerable code" and to check for hardcoded credentials/tokens, which will likely cause the model to reproduce secret values found in submitted code (verbatim), creating an exfiltration risk even though it doesn't explicitly ask for secrets.