compliance-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill writes session state (including a .compliance/secrets.env file with API tokens), instructs the agent to "extract concrete values and use them" and to bold found values in outputs — which effectively requires including verbatim concrete values (potentially secrets) in generated policy/evidence content despite some later safety notes forbidding tokens, creating a high exfiltration risk.