prompt-reviewer
Fail
Audited by Snyk on Apr 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to auto-extract user conversation/session files and to quote prompts verbatim in reports and saved history (including examples passed into save_review.py), so any API keys/passwords present in those sessions would be read and output verbatim, creating an exfiltration risk.
Issues (1)
W007
HIGH: Insecure credential handling detected in skill instructions.
Audit Metadata