ssh

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to ask users for passwords or private keys (secrets) and to use them for SSH operations, which requires the LLM to receive and potentially handle those secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly executes commands on and transfers files from remote hosts (see "Execute commands on remote machines" and "Transfer files between local and remote machines" in SKILL.md/README), meaning the agent will consume arbitrary, user-provided remote content that could be untrusted and enable indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs generating SSH keys, creating and editing ~/.ssh/config, adding keys to ssh-agent and setting permissions—actions that modify the machine's persistent SSH configuration and network access (e.g., port forwarding) and therefore can change or compromise the agent host's state.