taste-check

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read files/git diffs and to quote "当前写法（引用实际代码）" and full code snippets in its output, so any hard-coded API keys, tokens, or passwords present in the code would be reproduced verbatim and thus risk exfiltration.