ghost-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes explicit examples of passing passwords/secrets as command-line arguments (e.g., --dbpass secret, --mailpass password), which instructs the agent to include secret values verbatim in commands/outputs and therefore requires handling secrets directly.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run sudo commands, install global packages, create system users, and modify systemd/NGINX/SSL files (system-level configs and permissions), which directly change the host machine's state and require elevated privileges.