flutter-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires the reviewer to "quote the specific code" and show exact file locations and code examples, so if the code contains hardcoded secrets the agent will likely output those secret values verbatim (high exfiltration risk), even though it doesn't explicitly ask users for secrets.