docker-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed plaintext credentials (e.g., docker run -e DATABASE_URL=... and docker-compose with POSTGRES_PASSWORD: secret), which instructs or encourages putting secrets directly into commands/files and therefore requires or leads the LLM to handle/output secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to perform host-level Docker operations and explicitly suggests modifying a system file (/etc/docker/daemon.json) and running commands that require elevated privileges or alter host state (prune, bind mounts, buildx, etc.), which can change or compromise the machine's state.