codebase-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires presenting "ALL agent findings completely" and documenting auth flows and external interfaces, so if the codebase contains hard-coded API keys, tokens, or passwords the agent would be expected to include those secret values verbatim as evidence or in persisted files, creating an exfiltration risk.