infrastructure

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim (inline AWS access/secret keys and kubectl --from-literal usage / placeholders for API keys), which instructs the agent to place secret values directly into commands and config files, creating exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill includes commands that modify cluster state (helm install, kubectl create secret) and references sensitive host resources (rootfs_path="/" and /var/run/docker.sock) which can require privileged access or enable host compromise even though it doesn't explicitly request sudo or create users.