university-project-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt runs commands that read/cat env files and search for hardcoded API keys/secrets and requires embedding findings and code snippets in REVIEW.md, which can force the model to reproduce secret values verbatim (exfiltration risk).