scanning-infrastructure-with-nessus

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes curl examples that directly embed credentials (e.g., '{"username":"admin","password":"password"}') and use tokens in headers (X-Cookie: token=), meaning an agent following it would need to insert secret values verbatim into generated commands/requests.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running sudo systemctl commands and other privileged nessuscli operations that modify services and system state (requiring root), so it pushes the agent to perform privileged/system-changing actions.