vps-security-hardening

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill requests plaintext credentials (root and user passwords, webhook key) and uses them directly in commands, script parameters, and in the generated report (e.g., echo "${NEW_USER}:${NEW_USER_PASSWORD}" | chpasswd, --root-pass, and printing ${NEW_USER_PASSWORD}), which forces the agent to include secrets verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's runtime script (scripts/harden-vps.sh) and SKILL.md explicitly SSH into the user's VPS and execute commands (lsb_release, sshd -T, docker ps, ufw status, etc.), parse those remote outputs (untrusted user/third‑party content) and use them to decide and perform configuration actions—thus allowing external content to materially influence tool behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs privileged system modifications—enabling root password login, creating sudo users, editing /etc/ssh/sshd_config and systemd unit files, installing packages, modifying PAM and firewall rules—so it directs the agent to change the machine's state with root-level actions.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 07:38 AM
Issues: 3