clickhouse-managed-postgres-rca
Fail
Audited by Snyk on Jun 12, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The workflow requires the agent to use an explicit ClickHouse Cloud API key/secret pair for HTTP Basic auth and to run curl requests (background curls), which implies embedding the secret values verbatim into generated requests/commands (high exfiltration risk).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The runtime path fetches Prometheus exposition text and slow-query pattern JSON from ClickHouse Cloud APIs (postgresInstancePrometheusGet and slowQueryPatternsGetList), which are outsider-authored data sources (vendor-controlled responses) that the agent then ingests into its LLM context as evidence.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill fetches the live OpenAPI spec at runtime from https://api.clickhouse.cloud/v1 (and then calls the resolved https://api.clickhouse.cloud/ endpoints) and uses that spec to build a session role_map and to determine request/response field names that directly control subsequent prompts and request construction, making the external spec a required runtime input.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).