windows-vm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding plaintext credentials verbatim (e.g., -e PASSWORD="password", sshpass -p 'password', ssh commands with literal passwords), which requires the LLM to output secrets directly and is therefore insecure.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly downloads and runs a remote Windows installer at runtime—Invoke-WebRequest pulls and msiexec runs https://nodejs.org/dist/v22.14.0/node-v22.14.0-x64.msi as part of the setup, which executes remote code and is required for the skill's advertised functionality.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt directs running privileged host operations (sudo apt installs), Docker commands that manipulate host state and grant container elevated capabilities (--device /dev/kvm, --cap-add NET_ADMIN), and file modifications/removals on the host, which push the agent to change/compromise the machine state.