refactor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt sends full source files into the model and asks it to "preserve functionality exactly" while generating transformed code, which will cause the LLM to reproduce any embedded secret literals (API keys, tokens, passwords) verbatim in its output even though CLI auth itself uses an env var.