run-llms
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes commands that accept tokens/credentials directly as arguments (e.g., "harbor hf token " and "harbor env KEY value"), which would require embedding secret values verbatim in generated commands or outputs. Any secret written into the skill text or an agent-generated command also lands in the transcript, logs and the process list, creating an exfiltration risk; passing secrets by environment variable reference rather than as literals avoids this.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The URLs fall into two classes: the curl|bash link to https://av.codes/get-harbor.sh is high-risk because it executes an unreviewed script fetched from a non-major domain, while the GitHub (github.com/av/harbor) and Hugging Face (huggingface.co/.../model.gguf) links point at reputable platforms but still require caution (review the repository, verify authorship or signatures, and scan large model files) before executing or loading them; overall, treat this set as moderately high risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and loading untrusted public content (e.g., "harbor pull" from Hugging Face/ollama registries, "harbor llamacpp model https://huggingface.co/...", and "harbor profile use ") and also enables web-search/tunnel services (searxng, tunnels), so the agent's runtime LLMs or configs would ingest arbitrary third-party or user-generated content.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes explicit sudo commands (e.g. apt-get install, sudo usermod -aG docker $USER), system-level installs (Docker, NVIDIA toolkit), and commands that change service/config state, so it directs actions that modify the machine and require elevated privileges. Note that membership in the docker group is root-equivalent on the host, so the usermod step is a persistent privilege grant, not just a convenience.
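The four findings above are all pattern matches over the skill's instruction text. As an added example (not Snyk's scanner and not part of the audited skill), the script below runs equivalent heuristics over a constructed sample of Harbor-style commands modelled on the ones the audit quotes. The allowlisted hosts, the command prefixes treated as secret-bearing or content-fetching, and the severity mapping are all assumptions chosen for illustration; the finding codes reuse the audit's labels only so the output reads alongside it.

```python
"""Hypothetical static scanner for agent "skill" instructions (added example, not Snyk's tooling).

Flags the four patterns the audit describes:
  W007  a secret value embedded verbatim in a command argument
  E005  a download URL, worst when piped straight into a shell from a non-allowlisted host
  W011  a command that pulls untrusted third-party content into the runtime
  W013  a command that changes system state with elevated privileges
"""
import re
import shlex
from urllib.parse import urlparse

# Assumption: hosts treated as "major" platforms. Links there are still reviewed, just ranked lower.
TRUSTED_HOSTS = {"github.com", "raw.githubusercontent.com", "huggingface.co"}

# Assumption: command prefixes whose argv at the given index is a secret (taken from the audit's quotes).
SECRET_ARG_COMMANDS = {("harbor", "hf", "token"): 3, ("harbor", "env"): 3}

# Assumption: command prefixes that load remote, user-generated content into the runtime.
UNTRUSTED_FETCH_COMMANDS = {("harbor", "pull"), ("harbor", "llamacpp", "model"), ("harbor", "profile", "use")}

URL_RE = re.compile(r"https?://[^\s'\"`)|]+")
PIPE_TO_SHELL_RE = re.compile(r"\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba|z)?sh\b")
SEVERITY_RANK = {"MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


def is_literal_secret(token: str) -> bool:
    """A value is only a problem if it is written out; $VAR expansions and <placeholders> are not."""
    return not (token.startswith("$") or (token.startswith("<") and token.endswith(">")))


def scan_line(line_no: int, line: str) -> list[dict]:
    findings = []
    text = line.strip()
    if not text or text.startswith("#"):
        return findings
    try:
        argv = shlex.split(text)
    except ValueError:  # unbalanced quotes: fall back to a plain whitespace split
        argv = text.split()

    def add(code, severity, detail):
        findings.append({"code": code, "severity": severity, "line": line_no, "detail": detail})

    # W007: secret passed as a literal argument
    for prefix, idx in SECRET_ARG_COMMANDS.items():
        if tuple(argv[:len(prefix)]) == prefix and len(argv) > idx and is_literal_secret(argv[idx]):
            add("W007", "HIGH", f"literal secret in argument {idx} of '{' '.join(prefix)}'")

    # E005: download URLs, ranked by host and by whether the payload is executed unseen
    piped = bool(PIPE_TO_SHELL_RE.search(text))
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        trusted = host in TRUSTED_HOSTS or host.endswith(tuple("." + h for h in TRUSTED_HOSTS))
        if piped:
            add("E005", "HIGH" if trusted else "CRITICAL", f"pipe-to-shell from {host}")
        elif not trusted:
            add("E005", "MEDIUM", f"download from non-allowlisted host {host}")

    # W011: loads third-party content into the runtime
    for prefix in UNTRUSTED_FETCH_COMMANDS:
        if tuple(argv[:len(prefix)]) == prefix:
            add("W011", "MEDIUM", f"'{' '.join(prefix)}' ingests third-party content")

    # W013: privileged system modification
    if argv and argv[0] == "sudo":
        add("W013", "MEDIUM", f"privileged command: {' '.join(argv[:3])}")
    return findings


def scan(instructions: str) -> list[dict]:
    out = []
    for n, line in enumerate(instructions.splitlines(), 1):
        out.extend(scan_line(n, line))
    return out


def risk_level(findings: list[dict]) -> str:
    """Overall level is the worst single finding, the way the audit header reports it."""
    if not findings:
        return "PASS"
    return max((f["severity"] for f in findings), key=SEVERITY_RANK.__getitem__)


# Constructed sample modelled on the commands the audit quotes; not the real skill text.
SAMPLE_SKILL = """\
curl -fsSL https://av.codes/get-harbor.sh | bash
sudo apt-get install -y docker.io
sudo usermod -aG docker $USER
harbor hf token hf_exampletoken123
harbor env OPENAI_API_KEY sk-example
harbor env OPENAI_API_KEY "$OPENAI_API_KEY"
harbor pull llama3
harbor llamacpp model https://huggingface.co/org/repo/resolve/main/model.gguf
git clone https://github.com/av/harbor
"""

if __name__ == "__main__":
    found = scan(SAMPLE_SKILL)
    for f in found:
        print(f"{f['severity']:8} {f['code']} line {f['line']}: {f['detail']}")
    print("Risk Level:", risk_level(found))
```

The sixth sample line (`harbor env OPENAI_API_KEY "$OPENAI_API_KEY"`) produces no W007 finding because the value is a shell expansion rather than a literal; that is the shape the skill's own instructions would need to take to clear the credential finding. The GitHub and Hugging Face links produce nothing on their own, matching the audit's lower ranking for reputable hosts, while the same host under a pipe-to-shell would still be flagged.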
Audit Metadata