cisco-ise-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt both shows and instructs commands that accept and reveal secrets (e.g., --user-password, --radius-secret, env vars) and explicitly notes that network-device get exposes RADIUS shared secrets in plaintext, meaning an agent/LLM would need to handle and could output secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs that an agent with shell access can bypass local protections by editing ~/.cisco-ise/config.json to remove the readOnly flag (and also exposes flags like --no-audit), which is guidance to modify the local agent environment and bypass safety controls, so it should be flagged.