skill-permissions

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read SKILL.md and config files and outputs detected commands verbatim (with no redaction rules), so any embedded API keys or tokens in those files could be exposed in the LLM output.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to modify local skill files and to write to ~/.claude/settings.json (including a high-risk /skill-permissions inject that batch-edits SKILL.md files and auto-adds allow rules), which can change agent behavior and expose or escalate permissions even though it does not request sudo or create system users.