reference

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds plaintext credentials and secret values (e.g., DB_PASSWORD=secret, AWS_SECRET_ACCESS_KEY=minio123, root MySQL password) in .env/config examples and command references, which would require the LLM to include those secrets verbatim when reproducing or using the configuration.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs running "sudo mkcert -install" (which modifies the system trust store and requires elevated privileges) and references system files like /etc/hosts, so it encourages actions that change the machine's state and require sudo.