pipeline-operations

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials and passwords directly in commands and configuration (e.g., mysql -u root -proot and mysql://root:root@...), which requires handling or outputting secret values verbatim and is therefore insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly supports starting a pipeline from an external GitHub or other repository via --source-vcs-uri (see "Start from an external (non-Acquia) repository") and includes streaming logs/using job output as part of the workflow, which means the agent can fetch and consume untrusted, user-generated repository content and build logs that could materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The GitHub Actions example fetches and installs a remote executable at runtime via "wget https://cloud.acquia.com/pipelines-client/download -O pipelines", which downloads and runs remote code that the skill relies on to operate.