worktree-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read .env and compose files, "record exactly" env var keys and their current values (including DB passwords/URLs) into config.json and embed them into generated scripts, which requires outputting secrets verbatim.