fix-findings

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires reading and displaying file contents and proposed code fixes (including lines showing token storage) but does not mandate redaction, so any literal API keys/passwords in those files could be output verbatim.