emergency-rescue

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs running commands that require inserting secrets verbatim (e.g., aws iam delete-access-key with an access key ID, git log -S '', and examples of token patterns), which would force an LLM agent to handle/output secret values directly and risk exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly tells users to "Download from https://rtyley.github.io/bfg-repo-cleaner/" and then run "java -jar bfg.jar", which instructs fetching and executing remote code at runtime (high-risk executable dependency).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt gives step-by-step commands that require and instruct use of sudo/root to modify system files, services, and user privileges (e.g., visudo/usermod, editing /etc files, truncating logs, restarting systemd services, rebooting), so it explicitly pushes modifying the host state and elevating privileges.