mosquitto
Fail
Audited by Snyk on Mar 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes explicit plaintext credentials and example commands that pass passwords on the command line (e.g., -P mypassword, secretpass with mosquitto_passwd -b), which requires the agent to echo secret values verbatim in commands and risks exfiltration.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit instructions to modify system configuration and state (e.g., creating /etc/mosquitto/passwd, reloading systemd with sudo, changing UFW rules, and editing /etc/mosquitto configs/listeners), which require elevated privileges and can alter the machine.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W013 (MEDIUM): Attempt to modify system services in skill instructions.