commit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). In Step 3–7 the skill explicitly reads the full plan file and embeds plan_contents verbatim (JSON-escaped) into the commit message, so any secrets present in that file would be output/exfiltrated.