Capability Graph Builder

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill cat's manifest files and inlines their full contents into Codex prompts (and graph JSON into validation prompts), so any secrets present in manifests would be sent verbatim to the LLM and could be output—creating an exfiltration risk.