mongodb

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill contains numerous examples that embed plaintext credentials (e.g., db.createUser with pwd: "strongPassword", connection URIs like mongodb+srv://user:pass..., and kmsProviders with accessKeyId/secretAccessKey), which encourage including secret values verbatim in code/commands and therefore pose a high exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit sudo installation commands and instructions to edit system configuration (e.g., adding apt sources, writing mongod.conf, and running sudo systemctl) which direct the agent to modify the host system and require elevated privileges.