appmarket-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly accepts and uses arbitrary public Git repositories as a terraformModule.gitSource in DeployMeta (see SKILL.md / references/commands/create-version.md and README.md), meaning the agent/platform will fetch and execute user-provided Terraform code from third‑party Git hosts (e.g., GitHub), which can contain instructions that materially change deployment actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's image build flow uploads and executes the provided install script at runtime (via image-cli.py build), and the template install script includes commands that fetch and execute remote code such as "curl -fsSL https://deb.nodesource.com/setup_22.x | bash -", which would run external code during runtime and thus directly control execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs creating/configuring system users and services (e.g., running loginctl/systemctl, configuring service autostart, setting root passwords, modifying images/VM system files) which are privileged operations that change machine state and require sudo, so it should be flagged.