review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read files and include specific code examples/problematic patterns in its report but gives no guidance to redact secrets, so any hardcoded API keys or credentials in the reviewed code could be reproduced verbatim in output, creating an exfiltration risk.