self-review-critique

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires copying exact file text into the generated XML (e.g., the required "original-code" verbatim) and reads repository/config files for context, so any API keys or passwords present in those files would be output exactly and thus exposed.