context-bundling

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read and embed file contents verbatim (to produce "100% of the context") with no guidance to redact or avoid secrets, so if the manifest includes config/.env or other secret-bearing files the LLM would output those secret values directly.