hosting-vaultwarden

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly depends on the GitHub Releases API for its automated version-check/update flow (noted in "런타임 환경 전제" and references/setup.md / version-update steps), which fetches public, user-authored release data that the agent would read and use to decide updates—allowing untrusted third-party content to influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime command that fetches and executes remote code via a GitHub flake reference (nix run github:ryantm/agenix -- -e vaultwarden-admin-token.age), so the git URL github:ryantm/agenix is a runtime external dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill contains explicit privileged operations (multiple "sudo" commands, systemctl service start/status, podman container management, and access to /run secrets and backups) that instruct the agent to change system state and access sensitive files, so it should be flagged.