ce-doc-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly passes the full document text to subagents and requires quoting "evidence_snippet" excerpts (and returns findings/primers) which forces the model to include verbatim document content — so if the document contains API keys, tokens, or passwords those secret values could be output and exfiltrated.