prompt-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill auto-extracts and quotes user prompts from local session files (and instructs saving/printing those quoted prompts as evidence), so if any sessions contain API keys, tokens, or passwords the LLM would be required to include those secret values verbatim in outputs/history, creating an exfiltration risk.