kibana-connectors

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains explicit examples and instructions that place API keys, webhook URLs, and passwords directly into curl commands, Kibana YAML, and Terraform configs, meaning an agent would need to emit secret values verbatim in generated requests or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflows.md example includes an "enrich" ai.prompt step that calls an LLM connector (third‑party provider) and then uses steps.enrich.output in a subsequent create_case step, so untrusted LLM responses are ingested and can directly influence follow-up actions.