winapp-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and patterns that embed certificate passwords and other secrets directly in CLI arguments (e.g., --cert-password secret), which requires the agent to handle and output secret values verbatim and is therefore insecure.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs installing development certificates into the local machine store, adding package identity to executables, and running system-level installers (winget), all of which modify system-wide state and can require elevated privileges and affect machine trust/security.