code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to include "current code" snippets in findings and to analyze "secrets in code," which means it will read and likely reproduce any embedded API keys/passwords verbatim when reviewing files, creating an exfiltration risk.