convention-code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reading git diffs and reporting file-level violations with specific line snippets, so if secrets (API keys, tokens, passwords) appear in the changed files or diffs the LLM would be expected to include them verbatim in its output, creating an exfiltration risk.