review-team

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill mandates including "concrete code evidence" with file and line references in final findings and does not require redaction, so if code contains hardcoded API keys/passwords the agent would be instructed to reproduce those secret values verbatim.