project-skill-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly directs the agent to open raw session files to recover "exact prompts, command sequences, diffs, or failure text" and capture validation commands, which can contain API keys/tokens/passwords and would likely be reproduced verbatim unless redaction is enforced, creating an exfiltration risk.