candid-init

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires citing specific files and including actual code examples from the repository (and explicitly checks for "hardcoded secret in X") but gives no instruction to redact secrets, so the agent may be forced to include secret values verbatim if they appear in the codebase.