mongodb-authentication

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt repeatedly demonstrates and instructs embedding plaintext passwords and credentials directly in connection strings and code (e.g., mongodb://username:password..., pwd: 'password123'), which requires the LLM to handle and reproduce secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt instructs modifying MongoDB server configuration (mongod.conf), starting/restarting mongod with --auth, and creating admin/clusterAdmin users (including root roles), which change system and service state and grant high privileges on the host's database even though it doesn't explicitly request sudo or OS user creation.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 28, 2026, 09:36 PM