implementing-network-intrusion-prevention-with-suricata
Fail
Audited by Snyk on Mar 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes a command that passes a license key as a direct command-line argument ("enable-source et/pro secret-code=YOUR_OINKCODE"), which requires embedding a secret verbatim in generated commands and is an insecure pattern.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 4 "Manage Rules with Suricata-Update") instructs fetching and enabling public/community rule sources (e.g., ET Open, ptresearch, sslbl) via suricata-update, which are untrusted third-party rule repositories whose contents are ingested and directly influence Suricata's blocking/detection behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying system files (e.g., /etc/suricata/suricata.yaml), changing kernel/network settings (echo to /proc, iptables), installing packages and enabling systemd services using sudo, which directly alters the host system state and requires elevated privileges.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W013 (MEDIUM): Attempt to modify system services in skill instructions.