tighten-file

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires reviewers to "quote current text" and output proposed edits for files, so if an instruction file contains API keys, tokens, or passwords the agent would be asked to reproduce them verbatim, creating an exfiltration risk.