friction-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires reading and embedding the full artifact (and any referenced config/files) into reviewer prompts and then reporting findings verbatim, so if those files contain API keys, tokens, or passwords the LLM will likely handle and output them verbatim, creating an exfiltration risk.