artifact-collection

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples explicitly print and embed sensitive values (environment variables, SSH keys, clipboard contents) and even include a hardcoded encryption_password in code, which requires the LLM to output secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly directs collection of privileged artifacts (memory dumps, registry hives, SAM, SSH keys), suggests running with elevated privileges and deploying collection agents remotely, which pushes the agent toward performing privileged actions and modifying system state.