homebridge
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains and demonstrates embedding credentials and tokens verbatim in configs and URLs (e.g., rtsp://user:pass@..., "access_token": "YOUR_LONG_LIVED_ACCESS_TOKEN", default admin/admin and PINs), which instructs storing/including secrets in plaintext and could cause the LLM to output secret values directly.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs use of sudo to install global packages, install/manage a system service, run systemctl and modify systemd service files (e.g., /etc/systemd/system/homebridge.service), all of which alter system state and require elevated privileges.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W013 (MEDIUM): Attempt to modify system services in skill instructions.