ip-diagnosis
Warn
Audited by Snyk on Apr 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs fetching and parsing live data from public third-party sites (e.g., curl calls to https://api.ipify.org, https://ipinfo.io/json, https://ifconfig.co/json, https://api.ip.sb/geoip and using Playwright to open https://webbrowsertools.com/ip-address/) and then uses those results to drive judgments and remediation steps, so untrusted external content can materially influence agent behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs the agent to run system-level commands and install packages on the current machine without prompting (e.g., npm -g / brew installs, playwright browser install) and explicitly includes commands that change macOS network configuration (networksetup -setv6off / -setv6automatic), which modify system state and may require elevated privileges, so it poses a moderate risk of compromising the host.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.