security-reviewer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains hard-coded secret-like literals (e.g., 'sk-abc123xyz789', 'admin123') and instructs scanning/reporting of discovered keys without specifying redaction, which encourages the agent to read and output secret values verbatim.