run-sql

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). It auto-extracts DB credentials (USER/PASSWORD) from project files and instructs building CLI commands that interpolate them (e.g., -p, psql -U -d ...), which forces the agent to handle and potentially output secrets verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs the agent to execute shell database commands on the local environment (via docker/psql/mysql/sqlite), which can change application state and expose credentials—so it poses a moderate risk of compromising the machine’s state even though it defaults to read-only and forbids DROP/TRUNCATE.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 06:23 PM
Issues: 2