filesystem

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the model to read and write full file contents (including config files) and to perform exact-string edits, which forces the LLM to ingest and potentially emit secret values verbatim (API keys, tokens, passwords) when those appear in files.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs the agent to read, write, edit, move, and delete arbitrary files (using absolute paths and no sandbox), and even suggests changing permissions (chmod), which enables modification of system and protected files and therefore can compromise the machine state.