security-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The workflow requires including "evidence" such as code snippets and configuration excerpts in the audit report — which can contain API keys, tokens, or passwords from the codebase/configs — so the LLM may be required to output secret values verbatim.