meta-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs the agent to read and (in verbose mode) include settings.local.json and full frontmatter contents in its report — files that often contain API keys, tokens, or other secrets — which would require the LLM to output secret values verbatim if present.