insecure-defaults

skills-sh:trailofbits_skills__insecure-defaults

View source

75/100

First Seen

Feb 18, 2026

Last Scanned

Feb 18, 2026

Findings

Score

75/100

CRITICAL 1

LOW 1

Findings (2)

CRITICAL NLP_OVERRIDE_DANGEROUS prompt-injection L97

Default Credentials: Hardcoded username/password pairs
→ Verify: Active in deployed config? No runtime override?
→ Skip: Disabled accounts, documentation examples

LOW INDIRECT_010 command-execution L4

allowed-tools:
  - Read
  - Grep
  - Glob
  - Bash