codebase-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to find and present hardcoded user/account-specific values (API keys, tokens, emails) and to include the offending code/comments and file/line references, which requires outputting secret values verbatim and thus creates an exfiltration risk.