self-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read and include full file contents/diffs and related files in sub-agent prompts (with no redaction or secret-handling rules), which can contain API keys/passwords and thus forces the LLM to handle and potentially emit secret values verbatim.