security-validation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's example reports and JSON output explicitly include detected secret values (e.g., "API_KEY=sk_live_abc123...") and instruct the agent to list file:line and context, which requires the LLM to echo secret values verbatim in reports.