code-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires auditors to include "file location" and "code evidence" (specific code observations) and to read cited code locations during verification, which can cause the model to copy secrets embedded in source files verbatim into reports, creating an exfiltration risk.