harden

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires each finding to include a verbatim "Anchor" and writes findings (including secrets detected by the cross-cutting/secrets detectors) into reports/findings.json, which forces the agent to capture and output exact secret strings (API keys, tokens, passwords) if present in the repository.