fiftyone-troubleshoot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to print and show configuration values (e.g., fo.config.database_uri and cat ~/.fiftyone/config.json) which can contain database URIs with embedded credentials, requiring the LLM to output secret values verbatim.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime calls to download plugins (e.g., fo.download_plugin("voxel51/fiftyone-plugins", ...)), which will fetch a remote repository (voxel51/fiftyone-plugins) whose code/plugins can be executed by the FiftyOne app, so this is a runtime external dependency that can execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs the agent to modify user config files, append to shell/profile scripts, kill processes, re-encode/overwrite files, and even delete the FiftyOne DB directory (rm -rf ~/.fiftyone/var/), all of which change machine state and can be destructive (even though the prompt demands explanation and explicit user confirmation before acting and does not request sudo/system-level changes).