review-recent-work

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires reading ExecPlan and repo files and extracting/running validation commands and reporting what changed, so if those files or commands contain embedded API keys, tokens, or passwords the agent would need to handle and could output those secret values verbatim (exfiltration risk).