code-security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Yes — the prompt requires quoting actual code evidence and secret-detection results (e.g., "只引用 Read 工具实际读取的代码" and sensitive-info pre-scan), which forces the agent to output any secrets it finds verbatim in reports/POCs.