elasticsearch-security-troubleshooting

Fail

Audited by Snyk on Apr 29, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly prompts for missing credentials and includes examples that embed passwords/API keys into curl commands (e.g., -u "user:${PASSWORD}"), which encourages the agent to accept and emit secret values verbatim in outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The SAML troubleshooting steps explicitly instruct fetching an external IdP metadata URL (see "SAML login redirects to error": curl -s "${IDP_METADATA_URL}" | head -5), which pulls untrusted third-party metadata that the agent is expected to read and interpret as part of the diagnostic workflow, so external content can materially influence decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly advises editing elasticsearch.yml, restarting services, regenerating certificates, and updating system trust stores or using node-level CLIs (elasticsearch-certutil, elasticsearch-users), all actions that modify system files or require sudo/node-level access and thus can change the host machine state.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 29, 2026, 09:32 AM
Issues: 3