security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill ingests diffs and secret-scan output, identifies hardcoded keys and vulnerable snippets, and explicitly tells the agent to save and display the full report (and optionally post PR comments) without any redaction rules, so the LLM would likely read and may output secret values verbatim.