bk-monitor-dev-server

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly tells the agent to "向用户索要 URL/Cookie/Token" (ask the user for URL/Cookie/Token), which requires the LLM to receive and likely embed secret values verbatim into configuration or commands, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly directs configuring "hosts" and adding hosts mappings—which implies editing the system /etc/hosts (a privileged system file) and thus modifies the machine state and may require elevated privileges.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 8, 2026, 03:22 AM