vps
Fail
Audited by Snyk on Mar 26, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes concrete examples that embed plaintext secrets (e.g., "password": "SecurePass123!") and shows Authorization headers and SDK constructors that would be filled with API tokens/passwords, forcing the agent to include secret values verbatim in generated commands or code.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's Docker Manager explicitly accepts GitHub URLs and arbitrary raw URLs to auto-resolve and ingest docker-compose.yaml content (see docker-patterns.md "From GitHub Repository" and "From Any URL" and SKILL.md Docker Manager), meaning the agent will fetch and act on untrusted, user-controlled web content that can change deployment behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill contains a runtime installation command that pipes a remote script to the shell (curl -fsSL https://get.docker.com | sh), which fetches and executes remote code during setup and is relied upon to install Docker on the VPS.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes a specific "Purchase a VPS" API (POST /api/vps/v1/virtual-machines) including an item_id and payment_method_id and example calls that create billable purchases. That is an explicit endpoint to send a payment/transaction to buy services (not merely a generic HTTP or browser tool), so it provides direct financial execution capability for Hostinger purchases.
Issues (4)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).