document-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly passes the full document text to multiple agents and requires presenting inline edits, quoted findings, and "what was changed" summaries without any redaction rules, so if the document contains API keys/passwords the LLM will necessarily ingest and may output those secrets verbatim.