surrealdb

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly embeds plaintext credentials (e.g., "--user root --pass root" and default SURREAL_PASS/SURREAL_USER values) in CLI examples and workflows, which requires the agent/LLM to include secret values verbatim in generated commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes a required maintenance workflow (scripts/check_upstream.py) that the agent is explicitly instructed to run (SKILL.md / AGENTS.md) and which calls the GitHub API via the gh CLI to fetch public upstream repository data (user-generated commits/tags) whose JSON output is intended for agent consumption and can materially influence update/decision workflows.