code-improvement-advisor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires reproducing user-provided source files verbatim in Before/After code blocks (and may edit files), so if those files contain API keys, tokens, or passwords the LLM will output them directly and there is no instruction to redact or otherwise avoid exfiltrating secrets.