plain-talk-reportcard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The workflow explicitly greps for hardcoded API keys/tokens, requires reading flagged files for context, and even instructs the agent to "show the problematic code" when walking through fixes — which would force the LLM to include secret values verbatim if present.