unbound

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Key Operations explicitly instructs fetching public root hints via "sudo curl -o /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache" (also referenced in references/docs.md), which causes the agent/system to ingest a third‑party public file that unbound will parse and that can materially alter resolver behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs installing packages, running sudo commands, modifying system config files under /etc and /var, and restarting system services (systemctl), all of which change system state and require elevated privileges.