rotate-api-keys

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires the agent to ask for old and new API keys and embed them verbatim into generated commands (e.g., sed "s|OLD|NEW|g"), forcing the LLM to handle and output secret values directly.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill instructs the agent to search for and automatically edit potentially sensitive configuration files, keystores, and logs across the filesystem (modifying state with in-place edits and backups), which can alter the machine's state and impact security — even though it doesn't explicitly request sudo, it could touch privileged files.