claude-code-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs extracting raw user prompts, attachments, settings.json, hook scripts and writing those transcripts and drafted artifacts into output files without any redaction step, so any secrets pasted into sessions or configs would be read and likely reproduced verbatim in the audit outputs.