spec-to-code-compliance

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates quoting exact evidence from documentation and code (file + line numbers) and producing verbatim excerpts for IR/alignment, so if those sources contain API keys, private keys, tokens, or passwords the LLM would be required to include them in its output, creating an exfiltration risk.