rotate-key

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly takes or requests a NEW_VALUE and instructs the agent to embed that secret verbatim into commands, scripts, and example invocations (and even shows real-looking keys), forcing the LLM to handle and output secrets directly.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying system state—updating the macOS Keychain, editing local .env files, running gcloud to change secret manager entries, kubectl rollouts to restart deployments, and updating CI secrets—actions that change local credentials and remote infrastructure and therefore can compromise the machine/environment.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 28, 2026, 02:27 AM