security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs the agent to collect diffs and search files with names like token/secret and produce detailed findings (including code snippets) but gives no instruction to redact or avoid printing secrets, so it can easily require outputting secret values verbatim.