Ansible

[Skill Scanner] Credential file access detected All findings: [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This SKILL.md is a legitimate Ansible skill/documentation with capabilities aligned to its stated purpose. It does not contain clear malicious code or backdoors, but it includes insecure examples and guidance that meaningfully increase the risk of credential exposure and SSH MITM (hardcoded example password, example private key placeholder, recommending host_key_checking = False, passing secrets on the command line, and use of ansible_ssh_pass in inventory). Treat the documented examples as potentially sensitive: remove hardcoded secrets/IPs from public docs, prefer encrypted vaults, avoid passing secrets on the command line, and do not disable host key checking. Overall risk is moderate due to insecure practices rather than active malicious behavior. LLM verification: This SKILL.md is a documentation-only Ansible skill describing playbooks, inventories, and operational patterns. It does not contain active malicious code, but it includes several insecure practices and supply-chain risks: unpinned installs (pip/brew), commands that download and execute third-party code (npm, NodeSource, git), explicit references to ~/.ssh and example plaintext secrets, example public IPs and a sample password, and use of custom secret-retrieval scripts with CLI injection. Those