reviewing-cc-config

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs the agent to read settings.json, hook scripts, present file-level findings, show line-numbered reports and (optionally) apply fixes and show diffs — actions that can force the LLM to reproduce literal file contents (including API keys, tokens, or passwords) in its output, so it can exfiltrate secrets.