dagster-per-asset-healthchecks
Fail
Audited by Snyk on Mar 12, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt embeds an actual API key ("hcw_Xxfgcx...") and shows curl examples that place the key directly in request headers, meaning an agent following the skill would need to output the secret verbatim (high exfiltration risk).
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I flagged the literal API key string because it is a high-entropy, non-placeholder value that could be used directly with the healthchecks.io API. The doc contains the line "API key in 1Password: hcw_Xxfgcx40LFjb2JJlDJvDainCDIXg" — this is not a placeholder (not YOUR_API_KEY/sk-xxxx/etc.), not truncated/redacted, and matches the form of an actual API credential supplied inline.
Ignored items and why:
- The curl examples use "X-Api-Key: " — placeholder, ignored.
- Ping URLs like "https://hc-ping.com/..." contain "..." (truncated/redacted) and are ignored.
- The SSH key path (/home/emiller/.ssh/id_ed25519) references a file path, not key material — ignored.
- No other high-entropy literals present.
Because the inline hcw_... value is a usable API key, it is a real secret disclosure.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running sudo on the target system (scp/ssh nuc "sudo bash /tmp/push.sh") and to use root/emiller's SSH key to push changes, which directs the agent to perform privileged, state-changing operations on the machine.
Issues (3)
HIGH W007: Insecure credential handling detected in skill instructions.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata