tirith-config

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Tirith's required workflows explicitly download and inspect remote installer scripts (e.g., "tirith run " which downloads a URL for static analysis and pager review, and the allowlist verification steps that run curl -fsSL https://vendor.example.com | bash), so the agent will fetch and interpret untrusted public web content that can influence whether commands are run or allowlisted.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill documents and instructs editing user-level tirith config, allowlisting, and explicit bypasses (TIRITH=0, disable logging) which enable weakening or bypassing a local security mechanism, but it does not request elevated (sudo) or system-wide changes like creating users or changing system services.