review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt runs diffs and secret-scanning tools (gitleaks) and instructs reporting security findings without any redaction rules, so the agent is likely to read and potentially include verbatim secret strings from the repo in its output, creating exfiltration risk.