use-s3-rustfs
Fail
Audited by Snyk on Apr 24, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt embeds plaintext access/secret keys (e.g., "rustfsadmin"/"rustfsadmin") and shows/uses them verbatim in commands and code (boto3 args, env vars, mc/cli calls), which forces the agent to include secrets directly in its output.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The rustfs.com site and docs look like a legitimate product, but the presence of a direct shell installer (https://rustfs.com/install_rustfs.sh) that the skill instructs you to curl and run with sudo is a high-risk distribution pattern (localhost endpoints are benign), so this should be treated as suspicious unless you can verify the publisher and inspect the script.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's installation workflow explicitly downloads and executes an installer from the public URL https://rustfs.com/install_rustfs.sh (see the curl command in the TL;DR and Installation details), which fetches external, untrusted web content that the agent/user is instructed to run and which could alter behavior or perform actions—enabling indirect prompt injection or other supply-chain attacks.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly downloads and executes a remote installer at runtime (curl -sSL https://rustfs.com/install_rustfs.sh -> sudo bash /tmp/install_rustfs.sh), so external content from https://rustfs.com/install_rustfs.sh is executed and required for the skill to install RustFS.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to run sudo-backed installers and service management (installing a systemd unit, editing /etc/default/rustfs, restarting services, sudo rm -rf, etc.)—even if targeted at a VM—so it directs privileged modifications to system files and state.
Issues (5)
W007
HIGH Insecure credential handling detected in skill instructions.
E005
CRITICAL Suspicious download URL detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUM Attempt to modify system services in skill instructions.
Audit Metadata