codebase-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt directs agents to search for "hardcoded secrets" and include file:line and code snippets in the unified report, which would require the LLM to reproduce secret values verbatim if present, creating an exfiltration risk.