code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read and output repository files, diffs, and before/after code snippets without any redaction rules, so any committed API keys, tokens, or passwords in the code would be reproduced verbatim in the agent's outputs (exfiltration risk).