schedule

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill echoes and embeds the user-provided command verbatim (in confirmations and in generated shell/CronCreate calls), so if that command contains API keys, tokens, or passwords the LLM will output and propagate them, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to create persistent OS scheduled tasks (installing cron/Task Scheduler entries or invoking CronCreate) which modify the host's scheduling state and can run arbitrary commands outside the session, so it performs persistent side effects on the machine.