commit-security-scan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read full file contents and embed "code_context" (vulnerable code snippets) in the generated report without any redaction rules, so any hardcoded API keys or passwords found in code would be included verbatim in the output.