understand

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires reading and injecting actual project file contents (README, manifests, config files, and per-file summaries) into subagent prompts and the final knowledge-graph, so any secrets present in those files (env vars, API keys, tokens) can be included verbatim in outputs, creating exfiltration risk.