review-testability

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires reading full source files and embedding "evidence" code snippets in the report (verbatim code blocks), so if those files contain hard-coded API keys/passwords/cookies the agent is likely to reproduce secrets in its output, creating an exfiltration risk.