uncloud

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime Docker image references that are fetched and executed (examples: registry.k8s.io/pause:3.9, nginx:latest, postgres:18), which are external artifacts pulled at runtime and will execute remote code when run.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to run cluster-management commands (e.g., uc machine init/add, uc deploy, uc caddy deploy, uc service run/exec, volume create/rm) that modify services, networking, ports and machine state across hosts and therefore can change the system configuration and compromise the machine state.