spec-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires agents to return "evidence (file paths, code snippets...)" from the codebase, so if secrets are present in those snippets the LLM would be asked to include them verbatim, creating an exfiltration risk.