code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the reviewer to display "Exact problematic code" and full file/line contents in its outputs (with no redaction guidance), so if the repo contains hardcoded API keys, tokens, or passwords the LLM would be expected to reproduce them verbatim, creating an exfiltration risk.