review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs sub-agents to scan source files and produce findings (including security findings and file/line context) but nowhere requires redaction, so it may read and output hardcoded secrets or API tokens verbatim (e.g., in "finding" text or appended review sections), creating an exfiltration risk.