security-audit-checklist

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The checklist's evidence and audit-report templates explicitly require including offending code snippets/locations (e.g., "Evidence: {code snippet}") which would cause the agent to read and output hardcoded secrets verbatim if present.