cmd-sculpt-code

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires the agent to read full repository files and apply/show edits verbatim without any redaction rules, so any in-repo secrets (API keys, tokens, passwords) would be included in the LLM's output, enabling exfiltration.