da-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires embedding full source files into agent prompts and asks agents to cite file:line, quote code, and produce implementation sketches without any instruction to redact secrets, so any embedded API keys or passwords in those files could be reproduced verbatim in outputs (high exfiltration risk).