code-auto

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt mandates reading project files and "cite file:line evidence" and to break work into tasks for each file read, which can force the agent to include verbatim file contents (and thus any embedded API keys/secrets) in its outputs, creating a substantial exfiltration risk even though it doesn't explicitly ask the user for credentials.