databases

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains many examples that embed plaintext credentials and connection strings (e.g., export POSTGRES_URL="postgresql://user:password@...", -p password, -a password, .codebuddy/mcp.json envs), which require the agent to include secret values verbatim in commands and config—an explicit high-risk exfiltration pattern.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The .codebuddy/mcp.json entries run npx to fetch and execute remote npm packages at runtime (e.g., @modelcontextprotocol/server-postgres, @modelcontextprotocol/server-mongodb, @modelcontextprotocol/server-redis), which are required MCP server dependencies and will execute remote code when started.