subagents

Warn

Audited by Snyk on Apr 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly supports a "search" sub-agent described as a "web research specialist" that "searches the web and reads pages" and the SKILL.md examples (e.g., the Parallel Example dispatches "search" prompts asking to "Search the web" and return source URLs), so untrusted public web content can be ingested and influence agent decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly enables and documents a "shell" sub-agent that runs scripts, installs dependencies, and performs system operations (and gives examples like installing ffmpeg), which can modify system state or be used to perform privileged actions even though it doesn't explicitly instruct sudo or user creation—so it poses a moderate risk.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 28, 2026, 10:27 AM
  • Issues: 2