review-simplicity

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The reviewer is instructed to read full files and include "Evidence" and before/after code snippets in the report (with no guidance to redact secrets), so if repository files contain hardcoded API keys/passwords the LLM would likely output them verbatim — a high exfiltration risk.