coolify-deployment

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt embeds a literal admin password example ("SecurePass123") and shows plaintext paths and SSH key usage, which encourages handling secrets in cleartext and could lead the agent to echo or include secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs adding arbitrary GitHub repositories as deployment sources and testing deployed apps by fetching their public APP_URL (e.g., repository URLs and sslip.io-hosted app endpoints), which are untrusted, user-provided third-party contents the agent would retrieve and interpret as part of the workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running privileged commands (e.g., curl | sudo bash, sudo docker commands, sudo rm -rf /data/coolify) and to modify/remove system paths and services on the host, which would change the machine's state and require elevated privileges.