code-review-uncommitted

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read diffs and the full contents of untracked/new files and then produce review outputs (including file snippets and locations), so if secrets are present in those files the LLM would likely include them verbatim, creating an exfiltration risk.