counselors

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Phase 1 explicitly instructs the agent to read and embed file contents and git diffs into the prompt (and Phase 4 sources .env files), so any API keys or passwords present in the repo or env will be captured verbatim in the generated prompt and dispatched to external agents, creating a direct exfiltration risk.