story-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs agents to read project files, grep content, and include specific quoted excerpts and file locations in FINDINGS/违规位置, so any secrets present in the reviewed content would be reproduced verbatim and thus exfiltrated.