elasticsearch-security-troubleshooting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to prompt for missing credentials and shows commands that embed passwords/API keys (e.g., curl -u "user:${PASSWORD}" and Authorization headers), which instructs including secret values verbatim in generated commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SAML troubleshooting steps explicitly instruct fetching an external IdP metadata URL (see "SAML login redirects to error": curl -s "${IDP_METADATA_URL}" | head -5), which pulls untrusted third‑party metadata that the agent is expected to read and interpret as part of the diagnostic workflow, so external content can materially influence decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly advises editing elasticsearch.yml, restarting services, regenerating certificates, and updating system trust stores or using node-level CLIs (elasticsearch-certutil, elasticsearch-users), all actions that modify system files or require sudo/node-level access and thus can change the host machine state.