postgresql-psql

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains numerous examples that embed plaintext passwords and connection strings (e.g., postgresql://user:password@..., export PGPASSWORD=..., .pgpass entries, CREATE USER ... WITH PASSWORD '...'), which encourages the agent to output secret values verbatim and thus poses a high exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs changing PostgreSQL server configuration (postgresql.conf) and performing server-side COPY to filesystem paths (and creating superuser database roles), which can modify server/system files and require elevated privileges, so it can alter the machine's state.