code-security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Because the audit requires reading repository files and outputting code snippets and "敏感信息/硬编码凭证" findings (including .env/config and exact code lines), the agent would likely surface secret values verbatim in its reports, creating an exfiltration risk.