security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs reading code, .env files, and scanner outputs and to include "Evidence: " in reports (and stores reports that "may contain secrets"), which requires the LLM to handle and potentially output secret values verbatim.