django
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes hardcoded plaintext credentials (e.g., "PASSWORD": "mypassword" in settings.py), which is an insecure pattern that requires the LLM to include secret values verbatim in examples and outputs, creating exfiltration risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes deployment steps that modify system-level configuration and file paths (e.g., /etc/nginx/sites-available, /var/log/django, scheduling with cron) which would change the host machine state and typically require elevated privileges, so it poses a risk of compromising the machine.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W013 (MEDIUM): Attempt to modify system services in skill instructions.