remote-server-guide
Fail
Audited by Snyk on Apr 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes explicit patterns that ask for or show embedding plaintext passwords/credentials verbatim (e.g., sshpass -p '', paramiko/fabric connect_kwargs with '') and instructs collecting user passwords, which forces the LLM to handle and potentially output secrets directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly connects to arbitrary, user-specified remote hosts and containers and ingests their outputs (e.g., SKILL.md Phase 3/Phase 5, tmux capture-pane, docker logs, and paramiko/fabric exec/get) — untrusted third-party content that the agent reads and can drive subsequent actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs installing packages with sudo (e.g., "sudo apt-get install -y ..."), suggests bypassing SSH host-key verification (StrictHostKeyChecking=no and AutoAddPolicy), and endorses password-in-command tools like sshpass, all of which modify the agent's host state or weaken security controls.
Issues (3)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W013: Attempt to modify system services in skill instructions.