review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill requires ingesting and verbatim-quoting full diffs, commit lists, and hunks in reports (and sending them to subagents) so any API keys/passwords present in the repo/diffs would be output unchanged, creating a clear secret-exfiltration risk.