dokploy-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt mostly relies on environment variables for the API key (safe) but also includes numerous examples and CLI patterns that embed sensitive values (database passwords, webhook URLs, etc.) directly as command arguments, which would require the LLM to include user-provided secrets verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI exposes endpoints that accept arbitrary external URLs and provider references (e.g., baseUrl in /compose.deployTemplate, /compose.getTags, /compose.templates; apiUrl in /ai.getModels; and various github/gitlab/gitea branch/repo endpoints) so the agent/Dokploy workflow will fetch and process content from public third-party URLs and repositories, which can materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes a "stripe" domain with actions such as "createCheckoutSession" (billing) and other Stripe-related capabilities. Those are specific payment-gateway operations (Stripe) rather than generic HTTP or automation tools, so the skill is explicitly capable of initiating financial transactions/checkout flows. Therefore it grants direct financial execution authority.