review-branch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs agents to read full diffs and new file contents and to produce/fix code changes, which can expose any embedded API keys, tokens, or passwords verbatim in the agent's outputs (code snippets, diffs, or summaries), so it creates a real exfiltration risk even though it doesn't explicitly request credentials.