code-review
Fail
Audited by Snyk on Apr 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill embeds full source file contents into codex-cli prompts and returns/prints code snippets (current_code/suggested_fix), so any secrets present in files would be passed through the LLM/toolchain and likely output verbatim, creating an exfiltration risk.
Issues (1)
W007
HIGH: Insecure credential handling detected in skill instructions.
Audit Metadata