document-processing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes examples that embed passwords directly in code and command-line invocations (e.g., writer.encrypt("userpassword") and qpdf --password=mypassword), which encourages including secret values verbatim in generated outputs/commands and is therefore an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill includes explicit system-level install instructions using "sudo apt-get install" which instruct modifying the machine state and requesting elevated privileges, though it does not ask to create users or edit privileged system files or bypass security mechanisms.