cs-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The audit mandate requires including file:line plus exact code snippets as evidence, so if the scanned code contains API keys/passwords/tokens those secret values would be reproduced verbatim in the agent's output, creating an exfiltration risk.