debug-firewall

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to read and display environment variables and configuration/log files (e.g., docker-compose.yml, /etc/squid/squid.conf, env output) which may contain API keys, proxy credentials, or passwords and would therefore cause the LLM to output secret values verbatim if present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows fetching from the public web (example: running curl https://api.github.com) and instructs inspecting Squid access logs (/var/log/squid/access.log) to discover and allowlist arbitrary external domains, so the agent will read untrusted third-party content (public sites/hostnames) that can influence firewall/allowlist decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running privileged host-level commands (e.g., sudo awf, sudo iptables -F/-X FW_WRAPPER, sudo dmesg checks) and destructive Docker/network actions (docker rm -f, docker network rm), which modify firewall and container state and therefore can compromise the machine.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 10, 2026, 01:37 PM
Issues: 3