proxy-networking

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly handles sensitive credentials (VLESS share links, WireGuard preshared keys, UUIDs/public keys) and its examples and tooling show passing those secrets as command-line flags or generating share links, which requires the agent to include secret values verbatim in commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow/reference (references/v2ray-agent.md) explicitly instructs downloading and running the v2ray-agent install script from a public GitHub raw URL (https://raw.githubusercontent.com/...), which is untrusted third‑party content that the operator/agent is expected to fetch and that can materially change subsequent actions and system state.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and running a remote installer at runtime via wget from https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh and then executing /root/install.sh, which downloads and executes remote code as a required installer (v2ray-agent), so it poses a high-risk external runtime dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs creating/updating systemd units and editing system files (e.g., /etc/wireguard, /etc/sing-box, /etc/v2ray-agent) over SSH and defaults to root@IP, which requires privileged changes to host state and thus can modify/compromise machine state.