copilot-review

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The review prompts ask for "具体的な問題箇所" (specific problematic locations) when checking for secret/API key exposure without instructing redaction, so the models may read repository files and reproduce secret values verbatim in their findings, creating an exfiltration risk.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 9, 2026, 05:40 PM
Issues: 1