handoff

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). Yes — the skill requires emitting verbatim environment snapshots, uncommitted changes, user original text and concrete file edits/commands (absolute paths and diffs) with no redaction rules, so any API keys, secrets or passwords present in files or the chat would be included in the generated handoff prompt and thus exposed.