security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the reviewer to provide specific code evidence and to flag "Secrets in source code", which encourages including exact code snippets (potentially containing API keys/tokens/passwords) verbatim in findings, creating an exfiltration risk.