Skill Validator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The script injects the raw MANIFEST and IMPLEMENTATION file contents directly into Codex prompts (without redaction), so any API keys or secrets present in those files would be sent to and could be reproduced by the LLM.