frappe-ops-backup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that place passwords and secret credentials directly into command-line flags and configuration fields (e.g., --db-root-password, --admin-password, AWS Secret Access Key), which encourages embedding secrets verbatim into generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs fetching backups from offsite third-party storage (e.g., "Download latest backup from offsite storage $ aws s3 cp s3://backups/..." in Workflow 3) and then restoring those backups (bench restore), which clearly ingests untrusted user-generated content that can materially change system state and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes explicit privileged operations that modify system state—e.g., sudo supervisorctl stop/start, adding cron jobs (bench setup backups), destructive restore/drop-site commands and file removals—so it directs the agent to perform privileged/system-changing actions.