review-code-changes

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read file contents and include "specific examples from the diff" in its output, which would force the LLM to reproduce any secrets (API keys, tokens, passwords) present verbatim from those files or diffs.