code-polish

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill reads Python files and lists/replaces string literals verbatim in reports and code (e.g., suggesting constants like ACTIVE_STATUS = "secret_value"), so any API keys or passwords hard-coded as string literals would be exposed in the agent's output.