octoprint

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks for the OctoPrint API key and SSH credentials, instructs the agent to store them in session memory and use them in subsequent curl/ssh commands (embedding them verbatim), which forces the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill routinely fetches and interprets user-provided content from a user-specified OctoPrint host (e.g., GET /api/files, /api/timelapse, /api/printer, and webcam snapshot/stream endpoints) and uses that information to select/start prints and send G-code/commands, so untrusted third-party content could materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill makes runtime requests to the OctoPrint API (e.g., http://<OCTOPRINT_HOST>/api/ and ws://<OCTOPRINT_HOST>/sockjs/websocket), which are required at runtime and are used to send G-code / plugin commands that will be executed by the remote OctoPrint server/printer, so they constitute remote-executed actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to collect SSH credentials and perform privileged system management on the OctoPi (e.g., sudo systemctl restart, journalctl, pip upgrades, restarting services, running commands with sudo), which directs the agent to modify the remote machine's system state and perform privileged actions.