security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires including "evidence (the exact code snippet)" for findings and flags hardcoded secrets as a category, which would force the agent to reproduce secret values verbatim from repository files into its report.