audit-skill-lifecycle

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The audit explicitly requires extracting and reporting "the specific text that triggered the finding" from plugin files into generated reports, so any embedded API keys, tokens, or passwords present in those files would be included verbatim in the LLM output (no redaction specified), creating a high exfiltration risk.