huawei-cloud-flexus-l-server-scripts-excute

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes multiple examples and workflows that pass AK/SK/security-token as command-line parameters or interactive inputs (and even shows export/inline values), which would require the model to receive or emit secret values verbatim despite advising environment-variable usage and a “do not print” rule—so it presents a high risk of secret exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime LLM context can include outsider-authored free text via Huawei COC execution results: do_query_execution() calls get_script_job_batch(), which returns instance.message (execution log/output) and the skill prints/returns it as message/Script Output, and that log text originates from the target host/script execution rather than the operating user.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly enables creating and executing arbitrary scripts on target instances with a default execute-user of root and includes examples that run commands as root, which allows modifying system state and obtaining privileged actions on hosts.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)