ui4-convert-tests

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit plaintext credentials passed on the command line and in environment variables (e.g., PGPASSWORD=payload and POSTGRES_URL="postgres://payload:payload@..."), which instructs embedding secret values verbatim in commands—an insecure pattern.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs running system-altering commands (e.g., psql CREATE DATABASE, lsof | xargs kill -9) and other operations that modify processes/databases on the host—actions that change machine state even though it does not explicitly request sudo.