implementing-canary-tokens-for-network-intrusion

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs generating and embedding token values (webhook URLs, AWS access keys, Thinkst API auth tokens) into files and requests, which requires the LLM to handle and potentially output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill clearly calls the public Canarytokens API (see SKILL.md and scripts/agent.py create_canarytoken()/create_* functions that POST to https://canarytokens.org/generate), ingests webhook payloads via the /canary-webhook receiver and thinkst_get_alerts, and then reads and acts on returned/untrusted fields (token URLs, hostnames, access keys, manage_url, additional_data) — including using them in tests (test_token_connectivity) and embedding them into deployed files/alerts — which exposes the agent to untrusted third‑party content that can influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying system and user configuration files (e.g., /etc/hosts, internal DNS zone files, SSH configs, and writing to /var/log), and requires administrative access to target systems—actions that change the machine state and often require sudo privileges.