frigate-nvr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit plaintext credentials (e.g., RTSP URLs with user:pass, FRIGATE_RTSP_PASSWORD: "password", mqtt password fields) and examples that instruct embedding them directly into compose/config and command examples, which would require the agent to output secrets verbatim.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The docker-compose references the remote image ghcr.io/blakeblackshear/frigate:stable which is fetched at runtime and executes remote code that this skill depends on, so it is a runtime external dependency that can execute code (ghcr.io/blakeblackshear/frigate:stable).