code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read diffs and include file:line locations and code examples (and to consult external Codex), which can force the LLM to surface hardcoded secrets verbatim and/or send them to external tools without any redaction guidance.