performing-cloud-asset-inventory-with-cartography

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains literal plaintext passwords and examples that embed credentials (e.g., NEO4J_AUTH=neo4j/changethispassword and NEO4J_PASSWORD: securepwd123 in Docker/Docker Compose), which encourages reproducing or requiring secret values verbatim in outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The included scripts clearly fetch and ingest arbitrary, potentially untrusted third-party HTTP content (see scripts/agent.py which performs requests.get(a.target) and requests.get(a.target + "/api/v1/results")) and then parse those results to derive severities and the overall risk_level, so external content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The scripts/agent.py code performs runtime HTTP fetches from an arbitrary target (e.g., requests.get(f"{target}/api/v1/results") — effectively http(s):///api/v1/results) and directly ingests that JSON into the agent's findings, so external content fetched at runtime can control the agent's output.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs installing software, running Docker containers, and scheduling cron jobs that write to system paths (e.g., /var/log, /usr/local/bin) and set persistent service credentials, all of which modify host state and often require elevated privileges, so it can compromise the machine.