cdata-driver-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask for license keys, passwords, and API tokens and shows example commands that embed them verbatim (e.g., --key, --connectionstring with Password/APIToken), so the LLM would need to output secrets directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The SKILL instructs installing the CLI by fetching and executing remote install scripts at runtime (PowerShell: "iwr https://cdn.cdata.com/cli/install.ps1 | iex" and macOS/Linux: "curl -fsSL https://cdn.cdata.com/cli/install.sh | bash"), which downloads and runs remote code that could directly control execution.