database-backup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Because the skill asks for connection details and its examples embed plaintext credentials (e.g., mongodb://backup_user:secret@...) into generated scripts and commands, the LLM would be expected to include secret values verbatim, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). This skill instructs the agent to generate and install backup scripts, schedule jobs via cron/systemd timers, and write to system directories (e.g., /var/backups, /usr/local/bin, /var/log), which can modify system files and require elevated privileges—though it does not explicitly ask to escalate to sudo or create OS users, it still directs changes to system state.