threat-modeling

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill mandates extracting "real code evidence" (NO MOCK DATA) and, in debug mode, publishing internal .phase_working YAML data (including knowledge-base queries and project context), which creates a high risk that any secrets found in the codebase (API keys, tokens, passwords) would be included verbatim in generated outputs.