pinggy-tunnel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly instructs embedding tokens/passwords directly in SSH command arguments and to echo/print generated tokens and passwords (e.g., "echo 'Bearer token: $TOKEN'", "b:admin:secret", "k:mysecrettoken"), which requires the agent to handle and output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly exposes a local service via public Pinggy URLs and the "Recipe 1 — Receive a webhook" and "Web Debugger" sections instruct the agent to capture and tail inbound HTTP requests (e.g., /tmp/webhook-hits.log and localhost:4300), which are untrusted, user-generated external inputs the agent is expected to read and that could materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly tells the agent to bypass SSH host-key checking (StrictHostKeyChecking=no, UserKnownHostsFile=/dev/null) and to start persistent background processes that expose local services over the network, which are security-bypassing and can alter the machine's runtime state even though it does not request sudo, edit system files, or create users.