review-and-commit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill runs git diff and prints file diffs and commit previews (and may quote changed code) without instructing redaction, so if secrets are present in the repo or diffs the LLM would read and output them verbatim, risking exfiltration.