elasticsearch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users/agents to export or include a user-provided ES_API_KEY (and shows example assignments) and to embed that variable into curl commands, which encourages the agent to accept and emit API keys verbatim (e.g., export ES_API_KEY="..."), creating secret-exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md instructs the agent to use a user-provided ES_URL/KIBANA_URL and API key and then run curl commands (e.g., _search, GET _doc, Kibana saved_objects/_import) to fetch and interpret index documents, dashboards, and saved objects—i.e., it directly ingests arbitrary user-generated/untrusted content from those endpoints which can materially influence subsequent API actions.