es-ingest

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and CLI flags that pass API keys/passwords directly (e.g., --api-key, --target-api-key, explicit key examples and curl with Authorization headers), which requires the agent to include secret values verbatim in commands/outputs and is therefore insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md and README explicitly support reindexing/ingesting from external Elasticsearch nodes and source indices via the --node / --source-index and --target-node options (and ingesting arbitrary files/wildcards), so the agent will read untrusted public/user-generated documents from remote ES instances or arbitrary input files as part of its workflow which could influence transforms, mapping inference, and subsequent actions.