reflect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill ingests the full session transcript and explicitly extracts and writes "learning content" verbatim into diffs, SKILL.md, Memory MCP records and git commits, so any API keys or secrets present in the conversation would be captured and output, creating an exfiltration risk.