firewall-appliance

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example that embeds API credentials in a command-line (curl -u key:secret) for the OPNsense REST API, which encourages/requires placing secret values verbatim into generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to consult and act on public, third-party data sources—e.g., CrowdSec CAPI blocklists and app.crowdsec.net (references/plugins.md) and GeoIP/URL blocklists like MaxMind, IPinfo, Spamhaus, abuse.ch (references/hardening.md)—and those external feeds are explicitly used in troubleshooting and rule decisions that can change firewall behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run privileged, state-changing commands on firewall appliances (pfctl, edit/copy config.xml, configctl/service restarts, firmware/plugin changes, state flushes), which modify system files and services and can disrupt or brick the device if misused.