network-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's referenced runbooks explicitly fetch and ingest public third-party data as part of normal workflow—for example references/ddos.md shows curling Cloudflare's IP lists (https://www.cloudflare.com/ips-*) and references/ids-ips.md instructs running suricata-update to pull ET Open rules—so the agent is expected to consume untrusted public web content that can materially alter firewall/IDS actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit privileged operations and file edits (apt installs, systemctl enable/reload, ufw/nftables changes, editing /etc/ssh/sshd_config, creating files under /etc, certbot, etc.) that instruct modifying system state and require root/sudo, so it should be flagged.