project-skill-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs the agent to recover and reproduce "exact prompts, command sequences, diffs, or failure text" from raw session files and to extract commands that "proved correctness," which can force verbatim inclusion of API keys, tokens, or other secrets present in those logs without any redaction guidance.