surrealdb

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes many example commands and workflows that embed credentials verbatim (e.g., --user/--pass root and default SURREAL_PASS env var), which would require the agent to output secret values directly in commands and is therefore insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and AGENTS.md explicitly instruct agents to run scripts/check_upstream.py and related "Upstream Source Check" commands which compare HEADs/tags against SOURCES.json and reference public GitHub repos and the surrealdb.com/docs snapshot, meaning the agent will fetch and interpret open/public third-party content (GitHub/docs) as part of its workflow and that content could influence subsequent actions.