quality-gate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires embedding the full git diff into task descriptions and reviewer outputs (and writing code snippets to files/send messages), so if the diff contains API keys, tokens, or passwords those secrets would be included verbatim in generated outputs and tool calls.