autonomous-execution

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to request and accept user-entered credentials (e.g., "paste the 6-digit SMS code") and then "immediately handle the rest yourself," which encourages the agent to receive and use secrets that may be embedded verbatim in commands or outputs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High-risk: the skill explicitly commands the agent to bypass human consent and autonomously perform potentially destructive or exfiltrative actions (git pushes including force, deployments to production, deleting files/records, publishing packages, sending messages via APIs), which functions as a backdoor enabling unauthorized modifications, supply-chain abuse, and potential data exfiltration or credential misuse.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly directs the agent to autonomously perform destructive, state-changing operations (push, deploy, delete files/branches, publish) without human approval, which encourages compromising the host system's state.