refactor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The workflow explicitly requires the agents to read, analyze, and emit code and git diffs (e.g., [TARGET_CODE], [git diff from kraken]) without any instruction to redact secrets, so if the code contains API keys/passwords the LLM would need to reproduce them verbatim, creating an exfiltration risk.