aliyun-fc-serverless-devs
Fail
Audited by Snyk on Apr 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that place AccessKeyID/AccessKeySecret directly into CLI arguments and JSON env vars (non-interactive s config add with --AccessKeySecret and exported JSON), which would require the agent to handle and potentially output secret values verbatim, creating exfiltration risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt repeatedly instructs use of sudo for global installs and CLI operations (e.g., sudo npm install -g, sudo s config add, sudo s init, sudo s deploy), which directs the agent to perform privileged, system-level modifications that can compromise the machine state.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W013
MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata