production-code-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly commands the agent to read every file (including configs) and produces before/after diffs/reports that show hardcoded secrets (examples include literal passwords/JWT secrets), so the LLM would need to handle and could output secret values verbatim.