tabular-review-lawvable

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs agents to extract verbatim values and brief quotes from documents and place them into JSON/Excel (including absolute paths and hyperlinks), so any API keys, tokens, or passwords present in those documents would be copied into the agent output, enabling secret exfiltration.