worklog-report

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill asks the agent to append the raw report output verbatim (Git commits, Claude/Cursor sessions), so any secrets present in those raw data streams (API keys, tokens, passwords in commits or session logs) would be reproduced in the LLM output even though the prompt does not explicitly request credentials.