register-ml-model

Fail

Audited by Snyk on Mar 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed credentials directly in command-line URIs (e.g., postgresql://user:pass@...) and instructs the agent to configure connection URIs and CI/CD secrets, which encourages producing commands or config containing verbatim secret values and thus creates an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill sets a runtime MLflow endpoint (http://mlflow-server.company.com:5000) and an artifact root (s3://mlflow-artifacts/models) and calls MLflow APIs such as mlflow.sklearn.load_model and mlflow.register_model, which fetch remote model artifacts at runtime; loading those artifacts can execute code (e.g., via unpickling), so this is a required external dependency that may execute remote code.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 18, 2026, 07:16 AM
  • Issues: 2