github-workflows-ollama

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill template embeds plaintext credentials (e.g., PGPASSWORD / POSTGRES_PASSWORD set to "password") directly in the workflow and service env blocks, which forces the agent to output secret values verbatim in generated CI configurations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow contains a runtime step that executes a remote installer via "curl -fsSL https://ollama.com/install.sh | sh", which fetches and runs remote code during CI and is thus a high-risk external dependency.