dify-llm-platform
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] prompt_injection: Detected system prompt override attempt (PI004) [AITech 1.1]
[CRITICAL] prompt_injection: Detected system prompt override attempt (PI004) [AITech 1.1]

BENIGN: The skill description is internally consistent with its stated purpose of building and deploying LLM-powered applications via a visual workflow platform. There are no evident malicious data flows, credential harvesting mechanics, or download-execute patterns. Credentials are treated as provider/API keys typical for such platforms, and sources/deploy targets are standard OSS and cloud infrastructure. While sensitive data like API keys are demonstrated in examples, this is common documentation practice and does not imply covert collection. Recommend standard secure handling guidance (e.g., avoid embedding keys in code, use secret managers, pin dependencies).

LLM verification: This skill is documentation for the Dify LLM platform and does not contain explicit malicious code. However, it describes workflows that fetch and execute remote code (git clone, docker compose, helm, CDK) and requires many high-privilege credentials and capabilities (DB, Redis, LLM provider keys, storage). The main risks are supply-chain (pulling images/charts/repos), credential exposure (env files, custom providers and code nodes that can misuse secrets), and the power of arbitrary code nodes