implementing-aqua-security-for-container-scanning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts (e.g., scripts/agent.py and scripts/process.py) invoke Trivy to scan remote container images (defaults like nginx:latest and user-provided --images) and SKILL.md even shows trivy repo https://github.com/org/project, meaning it fetches and ingests public/untrusted images/repos and their scan outputs which directly drive CI/pipeline decisions and reporting (exit codes, failing pipelines, remediation actions), so third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains CI definitions that will fetch and execute external code at runtime — notably the GitHub Actions reference (uses: aquasecurity/trivy-action@master -> https://github.com/aquasecurity/trivy-action) and the Docker image pull (image: aquasec/trivy:latest -> docker.io/aquasec/trivy:latest) which are retrieved at runtime and run code in CI/runner environments.