code-optimizer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs agents to grep the codebase and include "Current code: the problematic snippet" from matched files, which would force the LLM to reproduce any secrets (API keys, tokens, passwords) present in those snippets verbatim, creating an exfiltration risk.