performing-deception-technology-deployment

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes explicit plaintext credentials (e.g., FakeP@ssw0rd2024!), instructs embedding API tokens in request bodies/prints, and shows commands that copy credentials (cmdkey, printing AWS secret keys), which requires the agent to handle and output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests attacker-controlled alerts from deception assets (see SKILL.md Step 5 "SOAR Automated Response" which acts on canary/SIEM container artifacts) and scripts/agent.py's HoneypotHTTPHandler which logs request bodies, and it uses fields like source_ip from those untrusted alerts to drive automated quarantine/block actions—allowing external, user-generated input to materially change tool behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs creating AD service accounts, adding them to privileged groups, planting cached credentials, registering hostnames in DNS/AD, and automating network-blocking/isolation actions—clear privileged state-changing operations that modify systems and require elevated access.