bench-commands

Fail

Audited by Snyk on Feb 18, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt hardcodes plaintext credentials (e.g., Database Root Password 123, Admin Password admin) and instructs the agent to include flags like --db-root-password 123 verbatim in commands, which requires the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes commands that fetch and consume arbitrary public content—e.g., "bench get-app https://github.com/..." in references/app-management.md and "bench download-translations" in references/translation-operations.md (and remote URL management in references/app-development.md/more-commands.md)—which causes the agent to download and interpret untrusted, user-provided third‑party content from GitHub and community translation servers.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes instructions for production setup (NGINX/SSL), editing docker-compose.yml to persist MariaDB settings, recreating database users and using DB root credentials, and other site-management/restore actions that modify system or service configuration and can change machine state, so it pushes the agent toward actions that can compromise the host.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 18, 2026, 12:06 AM