refine-skill-design

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires reading, modifying, and emitting full SKILL.md contents and diff summaries (and to default-overwrite files), so if those files contain API keys or passwords the agent would necessarily output them verbatim — it doesn't explicitly request secrets but mandates emitting file contents which creates exfiltration risk.