celery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md includes explicit task examples that fetch and ingest arbitrary external URLs (e.g., fetch_url / fetch_and_process using requests.get(url), ETL examples like fetch_data('https://api.example.com/data'), and chains/chords that call fetch_url.s(url)), meaning the agent is expected to read untrusted public web content as part of workflows which can influence downstream task decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit /etc/systemd/system service unit files and production service/daemon setup (PIDfiles, /var/log, User=celery) which directly instruct creating/modifying privileged system service files and altering system state requiring root privileges.