security-auditor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The audit mode explicitly instructs the agent to "quote the evidence" and include code/snippet excerpts from SKILL.md in reports, which would force the LLM to reproduce any embedded secrets (API keys, tokens, passwords) verbatim if present.