performing-post-quantum-cryptography-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's agent actively connects to and parses TLS responses from arbitrary hosts provided via --targets or --target (see scripts/agent.py scan_tls/scan_multiple_endpoints and scan_tls_endpoint, and SKILL.md examples like "python scripts/agent.py --action scan_tls --targets targets.txt"), treating untrusted public server certificates/cipher suites as input to assessments and roadmap decisions—so third-party content is ingested and directly influences tool actions and recommendations.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying system-wide configuration files (e.g., /etc/ssl/openssl-oqs.cnf, Apache/NGINX SSL configs) and requires administrative access, which involves privileged changes to the machine's state.