security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs scanning for hardcoded secrets (API keys, private keys, tokens) and does not require or mention redaction, so an LLM performing the review would likely need to surface verbatim secret values in its findings, creating an exfiltration risk.