find-bugs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read full diffs and provide "Evidence" and file:line excerpts for issues without any guidance to redact secrets, so any API keys or passwords present in the repo diffs could be included verbatim in the agent's output.