skill-create

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). Risk is high because the workflow directs the LLM to read project files and include "code examples from actual project files" and suggestion contexts verbatim in generated SKILL.md (and to update btw suggestion fields) without any instruction to redact or avoid secrets, so any API keys/passwords present in those files could be output exactly.