implementing-rapid7-insightvm-for-scanning

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed secrets directly into commands and code (e.g., docker -e SHARED_SECRET=, msiexec CUSTOMTOKEN=, placeholders like "api-key-here" used in an Authorization header), which would require the model to accept and emit secret values verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs installing system services, running systemctl, deploying Docker containers, handling SSH keys and using sudo for privilege elevation—actions that modify host system state and require elevated privileges—so it pushes the agent to change the machine state.