code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill ingests raw staged diffs (which may contain secrets), instructs the agent to include findings verbatim, and even passes the full prompt/diff as a command-line argument to delegated CLI agents—creating a high risk of exposing secret values verbatim.