harbor-exploit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds explicit credentials (admin / Harbor12345 and the Base64 Authorization header) and instructs using them in requests/commands, which requires the model to output those secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicitly malicious: it provides step‑by‑step exploit code and automation to gain unauthorized admin access (default creds and privilege escalation), enumerate and exfiltrate private container images, create persistent robot accounts for backdoor access, and push malicious images to perform supply‑chain attacks.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts and SKILL.md explicitly fetch and parse JSON from arbitrary external Harbor endpoints (e.g., GET /api/v2.0/systeminfo, GET /api/v2.0/search?q=/ and the check_harbor("https://harbor.example.com") example in references/detection-and-post-exploit.md), treating that untrusted, user-/public-hosted content as input to decide and drive further exploit actions, so it clearly ingests third‑party content that can influence behavior.