implementing-honeytokens-for-breach-detection
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The agent clearly calls the public Canarytokens API (https://canarytokens.org/generate) in scripts/agent.py and parses webhook alert payloads from external triggers in check_token_alerts (webhook logs), which ingests untrusted, third-party attacker-supplied content as part of its workflow and could influence subsequent reporting/actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs creating and writing honeytoken files to system paths (e.g., /opt/backup/.aws/credentials), embedding tokens into configuration/documentation and database records, which modify the host state and may require elevated privileges.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W013
MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata