dotnet-container-deployment

Warn

Audited by Socket on Feb 24, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

This document is a legitimate deployment/DevOps guidance skill for .NET container deployments. No malicious code or exfiltration behavior is present. Main security issues are pedagogical/instructional: concrete examples include plaintext credentials and use unpinned :latest images which, if copy-pasted into real repos, create credential-leak and supply-chain risks. The workflow and manifests themselves are otherwise appropriate for the stated purpose. Recommend removing hardcoded secrets from examples, pinning image versions, and emphasizing external secrets management and CI secret handling.

LLM verification: The skill is legitimate documentation for deploying .NET containers and CI/CD workflows, not malware. However, it contains concrete insecure examples (plaintext secrets in Kubernetes Secret.stringData and docker-compose environment variables, and a dev bind-mount) that could cause credential leakage or increased blast radius if copied into repositories or used in production. Recommend removing or replacing plaintext secrets with placeholders, emphasizing external secret management, and warning c

Confidence: 85%
Severity: 75%
Audit Metadata
Analyzed At: Feb 24, 2026, 12:12 AM
Package URL: pkg:socket/skills-sh/novotnyllc%2Fdotnet-artisan%2Fdotnet-container-deployment%2F@e4fb5d72859b8c802b42ac98df2ca8468027d399