docker-compose-orchestration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes many examples that embed plaintext credentials and secret values directly in compose files (e.g., POSTGRES_PASSWORD=password, MINIO_ROOT_PASSWORD=minioadmin, JWT_SECRET=dev-secret), which would lead an agent to output secrets verbatim rather than keep them hidden or referenced via safe mechanisms.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit examples that run docker-compose, bind-mount host paths (including /var/run/docker.sock, /usr/bin/docker, /, and /var/log), use host networking, and run containers as root—actions that enable containers to access or modify the host and thus can compromise the machine even though it doesn't explicitly request sudo or user creation.