code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to run git diffs and quote relevant code snippets (including checking for secrets) but gives no guidance to redact or avoid echoing secret values, so the agent may include secret/API credentials verbatim in its outputs.