code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to reproduce CodeRabbit's output verbatim (including comment bodies and code snippets), so if CodeRabbit reports hardcoded API keys, tokens, or passwords from the repo those secrets must be emitted exactly in the agent's response — creating an exfiltration risk.