update-implementation-plan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires "define all variables, constants, and configuration values explicitly" and "no placeholder text may remain," which—while not naming API keys—forces embedding real configuration values (including secrets like API keys, tokens, or passwords) verbatim into the generated plan, creating a high exfiltration risk.