promovaweb-devops-docker-swarm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed secrets and tokens verbatim (e.g., echo "password" | docker secret create and docker swarm join --token <WORKER_TOKEN>), which encourages producing commands that contain secret values in output and increases exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). Yes — the skill instructs the agent to perform Docker Swarm cluster and node operations (init/join, promote/demote, create services, secrets, volumes, force-new-cluster, etc.) which alter system and network state and typically require elevated privileges, so it pushes the agent to change the host state.