concourse-tactics

Fail

Audited by Snyk on May 9, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs obtaining and then embedding secrets (API tokens, passwords, bearer tokens, ~/.flyrc tokens) into commands and headers (e.g., curl -H "Authorization: Bearer $TOKEN", fly -t ... -p password), which requires the LLM or agent to handle and potentially output secret values verbatim, creating a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive playbook for abusing Concourse CI—detailing credential theft, secret exfiltration, job/task injection, remote command execution, container escape, and persistent backdoor pipelines—indicating deliberate malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md and its references explicitly instruct using curl/fly to fetch and parse untrusted third‑party data (e.g., TARGET API endpoints like /api/v1/pipelines, /builds, team vars, pipeline configs, build logs, external Git repos and credential backends such as Vault/CredHub/AWS SSM) and then act on that content (extract credentials, modify pipelines, trigger jobs), so runtime-consumed user-controlled content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's Task templates use external registry images (e.g., "alpine", which is fetched at runtime from Docker Hub like https://registry-1.docker.io/library/alpine), so remote container images are retrieved and executed as a required dependency for the skill's runtime tasks.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly directs creating/modifying pipelines, injecting tasks, intercepting containers and using the Garden API to execute processes and perform container escape/host control — actions that enable changing the state of the host (including the agent's machine if reachable) and persisting access.

Issues (5)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 9, 2026, 08:28 AM
Issues: 5