asset-refiner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to scan and extract code, scripts and configuration files (YAML/JSON) from project notes and generate merged files/templates but does not require or mention redacting API keys/secrets, so it could read and emit secret values verbatim in outputs.