app-store-submission-auditor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read project files (including env/config files), produce exact code diffs, evidence, and reviewer notes (including test account credentials) and does not require redaction, so any hardcoded API keys, tokens, or passwords found in the code would be copied verbatim into output — creating an exfiltration risk.