pre-publish-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs agents to read and include full file contents and diffs and to output specific code evidence, so any secrets embedded in the repository (API keys, tokens, passwords, cookies) would be passed into and potentially reproduced by the LLM verbatim.