docx-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The manifest-generation instructions explicitly require the LLM to emit exact "find" and "anchor" text copied from the document (15+ words of surrounding context), which forces the model to reproduce any secrets present in the document verbatim and thus creates an exfiltration risk.