autonomous-execution

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly permits asking the user to paste secrets (e.g., SMS codes or credentials) and directs the agent to then perform actions (curl, deploy, push) autonomously, which encourages the LLM to receive and embed secret values into commands/requests, creating a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly directs an agent to perform irreversible external actions (push, deploy, delete, publish, send messages) without user consent and to use available APIs/credentials autonomously, which enables unauthorized data exfiltration, credential misuse, system compromise, and other backdoor/abuse behaviors.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly orders the agent to autonomously perform state-changing operations (push, deploy, delete, commit, publish, run commands, modify branches/records) without human approval, which encourages potentially destructive and privileged modifications to the machine or environment.