performance-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates including actual code snippets, exact file paths/line numbers, and "actual findings from the codebase" (not placeholders), which will force the model to reproduce verbatim file contents — potentially exposing API keys, tokens, or passwords present in the repo — and it gives no instructions to redact secrets.