imsg-rpc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds a hard-coded passphrase ("imsg123") used verbatim in command-line options (openssl -passout and security -P), which instructs repeating secrets in output and uses an insecure pattern of passing secrets on the CLI.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs modifying system/security state—installing an app in /Applications, creating/signing and importing a code-signing cert, adding it to trust, loading a launchd agent, and querying/modifying TCC/keychain entries—actions that alter OS-level security and services.