grafana

Fail

Audited by Snyk on Mar 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes multiple examples that embed plaintext credentials directly in commands (e.g., curl -u admin:password, curl -s -u admin:<password>, grafana-cli admin reset-admin-password <newpassword>), which encourages producing outputs that contain secret values verbatim and thus creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs downloading community dashboards from the public grafana.com site (see references/common-patterns.md: the curl to "https://grafana.com/api/dashboards/.../download") and then reading/using that JSON to map inputs and import into Grafana, which means untrusted, user-generated third-party content is fetched and interpreted as part of the workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill includes explicit sudo commands and instructions to start/stop systemd services, modify /etc/grafana/grafana.ini, change firewall rules, install plugins under /var/lib, and copy system DB files—actions that modify system state and require root privileges.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 18, 2026, 01:37 PM
  • Issues: 3