audit-full

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill loads entire codebases into the model context and explicitly instructs "secret detection: Scan for hardcoded credentials, API keys, tokens" and to output findings incrementally, which risks the LLM seeing and potentially emitting secret values verbatim in reports.