stacksmith-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill runs automated secret scans (grep for api_key/secret/private_key/etc.) and requires verified file:line findings for security reports without any redaction guidance, which will likely cause the agent to read and relay secret strings verbatim from the repo output.