docker
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt contains explicit plaintext credentials and connection strings (e.g., DATABASE_URL=postgres://devuser:devpass..., POSTGRES_PASSWORD: devpass, and similar examples) in Docker Compose and migration examples, which would require the LLM to reproduce secret values verbatim if it outputs those snippets.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes host-level privileged operations (e.g., "sudo sh get-docker.sh", "sudo usermod -aG docker $USER", apt-get installs) and destructive host-altering commands (docker system/volume prune, compose down -v) that instruct modifying the machine state and require sudo privileges.