pua-en

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly allows/encourages asking users for "passwords, accounts" when needed and mandates pasting command/verification outputs and evidence verbatim, which can force inclusion and exfiltration of secrets in the agent's outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "use search" and "read the raw material" (Step 2: "Proactively search" and "Read the raw material") and even to consult "official docs + Issues" and search complete error messages, which requires fetching and interpreting public/user-generated third‑party web content that can materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to "act before asking" using command execution, to run builds/tests, restart services, and verify config changes (e.g., "Changed config? Restart the service and check"), which strongly encourages making system-level changes that may require sudo or modify system files and thus can compromise the machine state.