lisa-review-implementation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill reads project and template files and emits verbatim diffs and file contents (and can copy files back), so any secrets present in those files (API keys, tokens, passwords) would be included in the agent's output or writes, enabling exfiltration.