tidy-code

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires including "original code snippet" lines and concrete suggested rewrites from project files with no redaction rules, so any hardcoded API keys, tokens, or passwords present in those files would be reproduced verbatim in the report, creating an exfiltration risk.