setup-container-registry

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple insecure patterns (hard-coded admin password in harbor-values.yaml, curl/cli examples that pass tokens or passwords on the command line or in headers, and instructions that decode and print secrets), which require or encourage the LLM to include secret values verbatim in generated commands/files.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's CI/CD workflows fetch and execute external GitHub Actions at runtime (for example "uses: docker/login-action@v3" -> https://github.com/docker/login-action), which are remote repositories pulled and executed by the runner and therefore constitute runtime external code dependencies.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs privileged operations (e.g., "sudo mv /usr/local/bin", running docker with --privileged, and cluster/helm installs) that modify system state and require elevated privileges, which can change the host's security posture.