overnight-repo-auditor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The Security Auditor explicitly instructs agents to search for hardcoded API keys/tokens, decode base64 secrets, check git history, and include "Evidence" code snippets in the report — which would require the LLM to output secret values verbatim, creating an exfiltration risk.