object-storage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes plaintext credentials (MINIO_ROOT_USER=admin and MINIO_ROOT_PASSWORD=password) used directly in commands, which requires the agent to reproduce secret values verbatim and thus creates an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes commands to deploy a self‑hosted MinIO instance with docker run that binds host ports and mounts a host directory (e.g., -v /data:/data), which alters the host filesystem and runs services on the machine and can require elevated privileges.