NYC

code-review

Fail

Audited by Snyk on Feb 17, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill requires extracting exact code snippets from a provided diff and embedding them in the report, including snippets flagged as "hardcoded secrets", and it gives no redaction guidance. If the diff contains API keys or passwords, the LLM will output them verbatim, creating exfiltration risk.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 17, 2026, 10:22 PM