business-logic-extractor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to read and include real code/config snippets (including constants, config files and .env examples) "from the actual codebase, annotated" without any redaction guidance, so if secrets are present in the repo the LLM would be expected to reproduce them verbatim in its output.