arch-security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt mandates citing file:line evidence and grep results for every finding (and to include file:line snippets in reports), so if a file contains API keys/passwords the agent must reproduce those secret values verbatim in its output—creating an exfiltration risk.