fleet-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that assign an API token (TOKEN=<STACK_ID>:<API_TOKEN>) and then uses it directly in curl Authorization headers (Authorization: Bearer $TOKEN), which instructs embedding secret values verbatim into commands/outputs—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls the Fleet Management API (e.g., https://fleet-management-prod-*.grafana.net) and the documented Assistant tools (fleetManagementRead / fleetManagementWrite / alloyConfigValidation) clearly fetch and read user-created pipeline and collector data (untrusted, user-generated configs) and use that content to explain, validate, and update pipelines, so third‑party content can influence tool actions.