huawei-cloud-ascend-command

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires passing SSH passwords as parameters (examples show --password xxx / NpuClient(host,user,password) / CLI examples and orchestration that embed the password), which forces the agent to receive and embed secret values verbatim in commands or client calls, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly performs privileged, state-changing operations (firmware upgrades, ECC/fan configuration, vNPU creation, certificate management) and describes SSH as root with passwords, so it instructs the agent to modify system state and require administrative access.