review-agentic-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt directs the agent to read and enumerate configuration files (including .claude/settings.local.json) and to list hook commands and MCP server entries verbatim, which could contain API keys, tokens, or credentials and therefore risk exfiltrating secrets if output unchanged.