performing-authenticated-scan-with-openvas

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly shows commands and code that embed credentials verbatim (e.g., --gmp-password , XML ..., including SSH private key contents and python gmp.authenticate('admin','password')), which requires the agent to output or handle secret values directly and thus poses exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs privileged system changes (sudo apt install, sudo gvm-setup, starting services), accesses local sockets/keys (e.g. /run/gvmd/gvmd.sock and /home/…/.ssh/id_rsa) and thus directs actions that modify or access sensitive state on the host.