agent-change-walkthrough

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt mandates including full git diffs, file snippets, and realistic example payloads in the walkthrough, so if repository files or examples contain API keys/passwords/cookies those secret values would be copied verbatim into the agent's output, creating an exfiltration risk.