reality-check

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires reading and embedding "actual code snippet" evidence from project files (and running grep/blame), so any secrets present in source/config will be included verbatim in the generated report with no redaction guidance — enabling secret exfiltration.