cli-anything-ollama

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly includes a "model pull" command to download models from the Ollama library (and allows connecting to remote hosts via --host), meaning the agent can fetch public third-party models/templates whose prompts or behavior would be read/used for generation/chat and could thus inject instructions influencing actions.