review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs the agent to run git diff and include "current code snippet" (file and line) when reporting issues (including hardcoded credentials), so without explicit redaction it will likely echo secret values from diffs verbatim, creating a high exfiltration risk.