docker-to-sealos

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt mandates embedding user-provided "inputs" (e.g., external API keys/SMTP) directly into env[].value and allows generated defaults (random passwords/keys) to be emitted, which would require the LLM to include secret values verbatim in generated templates despite safe handling of DB creds via secretKeyRef—so it presents a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md Step 1: "if official Kubernetes installation docs/manifests are available, also extract app-runtime behavior from them") and the conversion guidance (references/conversion-mappings.md requiring a dual-source merge with "official Kubernetes installation docs/manifests" — e.g., public GitHub/raw docs) explicitly require loading and interpreting open/public third‑party installation docs which can materially change conversion decisions, exposing the agent to untrusted external content.