harbor-expert

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains numerous examples that embed credentials directly (e.g., curl -u "admin:password", JSON fields like "access_secret": "token_here", robot "secret": "...", and inline env vars for tokens), which instructs or encourages producing commands/code that include secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill configures Harbor to proxy and pull artifacts from public registries (e.g., https://hub.docker.com), processes external webhook payloads and scan results (webhook-processor.py / CloudEvents), and integrates with public services like GitHub OIDC (token.actions.githubusercontent.com), so the agent will ingest and act on untrusted, user-generated third-party content.