gpu-container-setup

Audited by Snyk on Mar 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 4 in SKILL.md and references/image-sources.md) explicitly queries public registries via curl (e.g., nvcr.io, hub.docker.com, harbor.baai.ac.cn) and performs Web Search (Step 4.3) to discover container images, then uses those discovered images (and even updates references/image-sources.md) to drive image selection and future behavior, meaning untrusted third-party content from the open web can influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime queries to container registries (e.g., curl "https://api.ngc.nvidia.com/v2/repos/nvidia/pytorch/tags") and then docker pull / docker run of images (e.g., nvcr.io/nvidia/pytorch:${TAG}), which fetches and executes remote container code that the skill requires.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to pull and run arbitrary container images with host device access and mounts (and even to modify its own reference files), which performs privileged state-changing actions that can compromise the machine if misused.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 07:07 AM
Issues: 3