second-opinion

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates reading full file contents into a CONTEXT block and injecting that verbatim into a heredoc sent to the Gemini CLI, which forces any embedded secrets (API keys, tokens, passwords) to be included in the model I/O and thus exposed.