spec-to-code-compliance

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill mandates quoting exact code and documentation excerpts (file + line numbers) and producing exhaustive, verbatim evidence, so if secrets (API keys, private keys, tokens, passwords) appear in the provided code/spec the agent is obliged to include them in its output, creating an exfiltration risk.