subagent-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires subagents to read source files and include "Evidence" with specific code snippets in review and verification reports, so if those files contain API keys, tokens, or passwords the agents would be expected to reproduce them verbatim, creating an exfiltration risk.