smell

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to scan the codebase and include "Evidence" code snippets and file:line references in the generated report but gives no guidance to detect/redact secrets, so the LLM may output API keys, tokens, or passwords verbatim if they appear in source files.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)