code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires reviewers to read project files and include structured findings/evidence in outputs without any redaction or secret-handling guidance, so any hard-coded API keys or passwords in the code could be copied verbatim into JSON findings or the synthesized report.