find-bugs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires reading and reporting raw file diffs and producing file:line evidence and snippets for issues, so if secrets (API keys, tokens, passwords) appear in the changed files the agent is likely to include them verbatim in its findings, creating an exfiltration risk.