use-codex-llm

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt doesn't explicitly ask for credentials, but its insistence on providing concrete, non-placeholder argument values and exact file/command payloads (without guidance to use env vars or secret stores) effectively pressures the agent to include secret values verbatim in tool/command outputs or file writes.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill mandates executing shell commands and performing Write/Edit operations with absolute file paths and minimal confirmations, which enables arbitrary state-changing actions (including modifying system files) even though it does not explicitly request sudo or user-account changes.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 12, 2026, 11:10 AM
Issues: 2