yy-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to output code excerpts and flag hardcoded sensitive information but gives no direction to redact secrets, so when auditing changed files the model would likely include secret values verbatim in its reports.