docker-swarm

Fail

Audited by Snyk on Feb 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed secrets/tokens directly in commands (e.g., echo "password" | docker secret create ..., and docker swarm join --token <WORKER_TOKEN> ...), which encourages placing secret values verbatim on the command line and in output.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Attempt to compromise machine state in skill instructions detected (high risk: 0.90). The skill explicitly instructs running Docker Swarm and cluster-management commands (init, promote/demote nodes, create secrets, force-new-cluster, deploy stacks). These commands modify system-level state, handle sensitive secrets, and typically require privileged access to the Docker socket, so the skill can compromise the host.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 13, 2026, 02:12 AM