implementing-honeypot-for-ransomware-detection

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes curl examples that embed an API auth_token parameter directly in request data (even if shown as a placeholder), which instructs placing secret credentials verbatim into commands/outputs and thus creates an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill instructs creating SMB shares, installing Windows features, modifying ACLs/audit policies, deploying files and services, and other administrative actions that alter system state and require elevated privileges.