novita-sandbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch SKILL.md and cli-reference.md from raw.githubusercontent.com (see the "Install by platform" and "Update" curl commands), which are public, user-editable GitHub content that the agent is required to retrieve as part of installation/update workflows and could contain instructions that alter behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The install/update steps run curl against https://raw.githubusercontent.com/novitalabs/novita-skills/main/skills/novita-sandbox/SKILL.md (and the companion https://raw.githubusercontent.com/novitalabs/novita-skills/main/skills/novita-sandbox/references/cli-reference.md) at runtime to populate the skill files that define the agent's behavior, so the fetched remote content would directly control prompts/instructions and is required for the skill to operate.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes explicit commands that require or recommend sudo (e.g., using sudo apt-get to install Node.js and suggesting sudo npm install -g), which encourages privilege escalation and modifying system state.