code-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt mandates "MUST quote actual code from Read tool output" and produce PoCs/reports based on repo contents, which would force the LLM to reproduce any embedded secrets (API keys, tokens, or passwords) verbatim if they exist in the codebase.