audit-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to surface matched lines/quotations (e.g., "What was found: ") and to run/construct commands that search for or replace specific secret strings (git log -S, filter-repo replace-text), which requires including secret values verbatim in output or generated commands, creating an exfiltration risk.