adguard-home

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports adding blocklists from arbitrary URLs (see "Add a blocklist: python scripts/adguard_api.py add-filter --name "My List" --url "https://example.com/blocklist.txt\"") which causes the agent to fetch and apply untrusted third‑party content that can change filtering behavior and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes SSH commands that run sudo to restart services, update binaries, copy and view system configuration files (e.g., systemctl restart, sudo cp, sudo journalctl, editing /opt/AdGuardHome/AdGuardHome.yaml), which modify system state and require elevated privileges.