plan-executor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires inlining "actual values from the plan and project context" (and file contents) directly into SubAgent prompts and retry prompts, so any secrets present in project files (env vars, API keys, tokens, cookies, passwords) would be copied verbatim into the LLM's outputs and forwarded to SubAgents.