review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly greps for "password|secret|api_key|token" and reads matched files to show "full details" for critical issues but gives no instruction to redact or avoid printing secret values, so it can easily surface secrets verbatim in outputs.