pipes-troubleshooting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to read .env and to run commands that include connection passwords/placeholders (e.g., --password , cat .env), which can require the LLM to capture and emit secret values verbatim when building commands or diagnostics, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to fetch and use public third-party content (e.g., "Find the implementation address on Etherscan" and run npx @subsquid/evm-typegen to fetch contract ABIs, plus links to Portal/dataset and external docs like https://beta.docs.sqd.dev/ and https://portal.sqd.dev/datasets), which the agent is expected to read/interpret and which can directly change tool use and remediation steps.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes many explicit commands that change machine state (docker start/compose, docker exec to create/drop databases, npm/brew installs, and a sed patch that modifies an npx-installed CLI file), so it instructs the agent to perform persistent, potentially sensitive modifications even though it doesn't request sudo or user-creation.