review-claudemd

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt directs agents to read raw conversation files (which can contain API keys, tokens, or passwords) and asks for detailed, specific bullet-point outputs without any redaction or sanitization instructions, so the model may needlessly include secret values verbatim in its analysis.