postgresql-psql

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple examples that embed plaintext passwords and credentials directly into connection strings, environment exports, .pgpass entries, and SQL statements (e.g., postgresql://username:password@..., export PGPASSWORD=..., CREATE USER ... WITH PASSWORD '...'), which encourages the agent to include secret values verbatim in generated commands and code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes instructions to edit server configuration (postgresql.conf) and use server-side COPY/backup/archive commands that write to filesystem paths (e.g., /archive, /backups, /tmp), operations that modify system files or require elevated/superuser access and thus can change the machine state.