remote-troubleshoot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Contains explicit examples that embed plaintext credentials in commands (e.g., sshpass -p<password> ssh ...) and instructs collecting SSH credentials, which requires placing secret values verbatim into generated commands — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly SSHs into arbitrary, user-provided remote hosts and Kubernetes clusters and runs commands that read logs and configuration (see examples like ssh user@host "systemctl status <service>", kubectl logs <pod>, and the scripts in scripts/generate_helper.sh that head/tail config and log files), so it ingests and interprets untrusted third‑party content from remote systems.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs creating/uploading and executing helper and fix scripts over SSH (including running systemctl and other service/config commands) which enables modifying remote system files and services and likely requires elevated privileges—even if it says to wait for approval—so it meaningfully pushes the agent toward changing machine state.