deep-research-with-codebase

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill directs the agent to read repository files and append verbatim findings (with file:line citations) into persistent logs (FINDINGS.md/REPORT.md) and to capture subagent summaries verbatim, which can cause any secrets present in the codebase (API keys, tokens, passwords) to be output unchanged — i.e., it requires no redaction and thus risks secret exfiltration.