arize-compliance-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires quoting exact code snippets ("Do not paraphrase; quote the actual code") when reporting gaps (including hardcoded api_key/secret literals), which would force the LLM to output any secrets found in the codebase verbatim, creating an exfiltration risk despite other guidance to prefer env vars.