sap-btp-service-manager

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes command, curl, and YAML examples that explicitly show inserting client secrets/tokens (e.g., --client-secret, manager.secret.clientsecret, client_secret in the OAuth curl), instructing the agent to embed secret values verbatim into commands/requests and thus creating exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit commands that require elevated privileges (e.g., "sudo mv smctl /usr/local/bin") and instructions to install binaries and cluster components, which modify the host/cluster state and thus push the agent to change the machine's state.