security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The review instructs the agent to cite file:line and produce concrete exploit scenarios for "secrets handling, environment variable changes, crypto code" but does not require or instruct redaction, so the agent may need to read and could include secret literals verbatim (hard-coded keys, tokens, or passwords) in its output — creating an exfiltration risk.