review-pr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to reproduce exact lines, evidence, permalinks and committable patch snippets from diffs, so if a PR contains hardcoded API keys/passwords the LLM would likely need to include those secret values verbatim in its output.