terraform

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to ask the user for their password and "use sudo -S", which requires capturing and supplying a plaintext secret (and can lead to embedding it in commands or stdin), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly tells the agent to "use read https://github.com/neovim/neovim/blob/master/INSTALL.md", requiring it to fetch and interpret a public GitHub page whose instructions could change how installations and subsequent actions are performed.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly directs the agent to perform system-wide package installs and change the default shell, and even tells the agent to ask for the user's password and run sudo -S, which requires elevated privileges and modifies the machine state.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 10, 2026, 03:28 AM