NYC

postgresql-expert

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials (e.g., DATABASE_URL with user:pass, primary_conninfo with password, and CREATE ROLE ... PASSWORD 'password'), which encourages reproducing secret values verbatim in commands and config and thus poses a high exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill focuses on database administration and SQL (safe) but also explicitly advises changing postgresql.conf/recovery.conf and archive_command (editing PostgreSQL system config files), which can modify system state and often require elevated privileges even though it doesn't explicitly instruct privilege escalation or creating OS users.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:19 PM