mongodb

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a hardcoded plaintext password ("secret") in the db.createUser example, which instructs the agent to produce code/commands that contain a literal credential and thus risks verbatim secret output.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes commands that modify system state (apt install, systemctl start) which require elevated privileges and would change the host system, so it should be flagged as potentially compromising.