robusta-dev

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The guide instructs placing API keys/webhook URLs directly into generated YAML (e.g., "api_key: xoxb-your-token" and "Set channel name and API key"), which would require an agent to request and embed secret values verbatim into output/config files, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Install workflow includes a runtime curl that downloads and then executes a remote binary (curl -fsSL -o robusta https://docs.robusta.dev/master/_static/robusta && chmod +x robusta && ./robusta), so https://docs.robusta.dev/master/_static/robusta is a runtime-fetched dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs changing cluster/node state (helm/kubectl installs, delete_pod auto-remediation, and a node_bash_enricher that runs bash on nodes) which can modify the machine/cluster state, but it does not explicitly request sudo escalation, editing host system files, or creating user accounts.