da-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read full plan/code files and include the full code/text in dispatched agent prompts/responses (e.g., "full code" in prompt construction and git diffs), which will cause any embedded API keys, tokens, or passwords to be handled and reproduced verbatim—creating a high exfiltration risk.