env-config-validator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly requires reading .env files and its "Security Issues" examples show reporting actual secret values (e.g., sk_live_..., connection strings with passwords), so the agent as written would likely surface secret values verbatim in its findings unless additional redaction rules are enforced.