commandbox-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows a command that embeds an API token directly (config set endpoints.forgebox.APIToken=your-api-key), which instructs placing a secret verbatim on the command line and would require the LLM to output that secret value.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill contains explicit sudo commands and instructions to modify system files and system-wide locations (e.g., /etc/apt/sources.list.d, /etc/yum.repos.d, /usr/local/bin, Homebrew Cellar), which require root privileges and change the machine state.