kong-exploit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). 该技能明确指导读取并在请求/利用步骤中嵌入令牌/API 密钥/凭据（例如 PUT 包含 "token":""、读取 /consumers 获取 API Key 等），要求 LLM 直接处理并输出秘密值，存在高风险泄露。

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive exploit toolkit — it contains ready-to-run scripts and step‑by‑step instructions to abuse Kong/Konga/Insomnia (unauthenticated Admin API access, SSRF to cloud metadata for credential exfiltration, Konga privilege escalation, and Insomnia template/DLL RCE) and therefore enables credential theft, remote code execution and system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and reference scripts (SKILL.md, references/admin-api-and-ssrf.md and references/detection-scripts.md) explicitly instruct the agent to fetch and parse arbitrary target URLs (e.g., admin_url, konga_url, proxy endpoints) and to use those untrusted responses to decide follow-up actions (create services/routes, perform SSRF, escalate privileges), which exposes it to third‑party content that could contain indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill provides explicit, actionable exploit instructions (POST/PUT to Admin API, create/delete services/routes, Konga privilege escalation, Insomnia RCE) that instruct the agent to modify service configuration and obtain remote/local code execution, i.e. to change and compromise the state of the host or target system.