mercury-agent-deployment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly provides a fetch_url web tool and workflows that fetch and analyze third‑party content (e.g., the "Web Tools" fetch_url example, the "github-pr-review" skill steps that run gh pr diff and analyze PRs/issues, and the ability to install/use community "web-search" skills), meaning the agent ingests untrusted/user-generated web content and uses it to drive decisions and tool actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt includes explicit instructions to install and manage system services, run sudo commands (e.g., "sudo loginctl enable-linger $USER", "sudo apt install gh"), and modify service/daemon behavior — all actions that change system state and require elevated privileges.