huawei-cloud-eip-cost-optimizer

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The document explicitly claims the skill is READ-ONLY but later includes hidden/contradictory commands and scripts (bandwidth adjustment, tag management, release operations and examples like adjust_eip_bandwidth.py and manage_tags.py) that perform write actions outside the stated read-only scope, which is deceptive and inconsistent with the advertised purpose.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running a sudo command to remove /usr/local/bin/jq (sudo rm /usr/local/bin/jq) and also suggests automated cron setup, both of which modify the host system and thus push the agent to perform privileged/local state changes.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.
  • W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Jun 17, 2026, 09:11 AM
Issues: 3