repo-grounding

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires quoting "exact fragments" from repo files and proposing exact edits, which can force the model to reproduce secrets (API keys, tokens, passwords) verbatim if they appear in the repository, creating an exfiltration risk.