expert-validator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly reads full text from local markdown files (including strategy-brief.md), embeds that content verbatim into agent prompts, and preserves/writes back existing file content, so any secrets present in those files would be included verbatim in prompts and outputs, enabling exfiltration.