hvs-skill-buddy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow reads and audits SKILL.md files from /mnt/skills/user/*/SKILL.md (outsider-authored skill documentation), and then includes their extracted text in the generated audit report that is fed back into the agent context.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt prescribes potentially system-altering install patterns (e.g., requiring pip installs with --break-system-packages which bypasses package-manager protections and can modify system state) so it encourages actions that could compromise the host environment, but it does not explicitly request sudo, edits to systemctl/ssh or creation of users, so the risk is moderate.