code-review-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's required output includes reporting "Vulnerable Code" snippets and file:line excerpts (and the scanner specifically looks for hardcoded secrets) but gives no instruction to redact secrets, so if secrets exist in the repo the LLM would need to include them verbatim in the generated report.