code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires producing "Before" code snippets and reports that explicitly call out hardcoded secrets (and even includes a literal API key example), so it will reproduce any embedded credentials from the repo verbatim in generated output, creating an exfiltration risk.