workflow-review-changes

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The workflow mandates reviewing all uncommitted changes and returning file:line evidence for findings (via git diff and detailed reports) which effectively requires the agent to read and potentially output any secret literals present in the code, so it can exfiltrate API keys/passwords verbatim.