security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to scan code for exposed API keys/secrets and emit a report with a "context" snippet, which implies the model will read and output secret values (or secret-containing snippets) verbatim unless redaction is specified.