review-branch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly requires reading and synthesizing the full git diff and emitting "raw outputs in collapsible details" and a self-contained HTML report (no redaction instruction), so if the diff or referenced files contain API keys/passwords/cookies the agent would likely include them verbatim in its output — creating an exfiltration risk.