winapp-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass a certificate password on the command line (e.g., --cert-password secret), which encourages embedding secret values verbatim in commands and outputs, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to generate and install development certificates into the local machine store and to add package identity to executables (actions that modify system-wide security state and may require elevated privileges), so it pushes the agent to change the host's security-sensitive configuration.