homelab-pihole-dns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "Blocklist Management" workflow explicitly directs adding public blocklist URLs (e.g., raw.githubusercontent.com/StevenBlack/hosts and blocklistproject.github.io lists) and running "Tools → Update Gravity (downloads and compiles all blocklists)", which causes the system to fetch and ingest untrusted, user-maintained third‑party content that can materially change DNS behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that download and execute remote installers/binaries (curl -sSL https://install.pi-hole.net -> bash pi-hole-install.sh and curl -LO "https://github.com/cloudflare/cloudflared/releases/download/${CLOUDFLARED_VERSION}/cloudflared-linux-arm64" -> install), which fetch remote code that is then executed and are required for the installation flow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run multiple sudo commands and to modify system files and services (e.g., /etc/dhcpcd.conf, /etc/cloudflared, installing binaries to /usr/local/bin, creating/enabling systemd services and binding low ports), which changes the host system state and requires elevated privileges.