servel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that pass secret values directly on the command line (e.g., servel secrets set API_KEY "value") and commands that get/inject secret values, which can require the agent to include secrets verbatim in generated commands or configs.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt contains commands that create user accounts, manage SSH keys, install system services (systemd), provision/remove nodes, and run destructive operations (prune --volumes / install scripts), which can modify the host/system state and thus potentially compromise the machine.