huawei-cloud-flexus-l-server-manage

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill repeatedly lists AK/SK/security-token as required CLI parameters and shows command examples with placeholders for actual secret values (and even allows passing them via --ak/--sk). This creates a clear path for the LLM to be instructed to include or echo secrets verbatim, despite the skill recommending env vars, so it requires careful handling and poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill’s runtime path flexus_lifecycle.py -> fetch_specs_data() -> flexus_specs_extractor.py -> urllib.request.urlopen("https://support.huaweicloud.com/api-flexusl/create_instance_0001.html") ingests HTML table text fetched from an external public web page into the agent’s LLM context via printed outputs (e.g., show-regions/images/specs and auto-spec matching).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements lifecycle operations that perform real billing actions: "create-instance" (purchase new instances), "renewal" (renew existing instances), and "unsubscribe" (cancel subscriptions). It references and requires BSS (Billing & Subscription) APIs and permissions (e.g., bss:order:, bss:renewal:, bss:unsubscribe:*), supports auto-pay, and requires AK/SK credentials for authenticated calls to billing endpoints. These are specific, purpose-built financial execution capabilities (placing orders, renewing subscriptions, handling payments), not generic tooling, so it grants direct financial execution authority.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
  • W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level: HIGH
Analyzed: Jun 17, 2026, 09:10 AM
Issues: 4