finalize

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The push step builds a token-authenticated Git URL by embedding GH_TOKEN into the remote URL and uses it in a git push (passing the secret in a command/URL), which instructs exposing a secret value in command-line/output.