diagnostic-issue-resolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required diagnostics explicitly instruct the agent to read and parse local Telegram audit/log files (e.g., ~/.claude/automation/claude-telegram-sync/logs/audit/*.ndjson and /private/tmp/telegram-bot.log), which contain untrusted, user-generated Telegram content that the agent must interpret to decide actions, creating a pathway for indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill contains many instructions that directly modify system state (rm, pkill, restarting services, running install/teardown scripts) and explicitly tells the agent to edit and persist changes to its own skill file, which creates a moderate risk of unintended or persistent changes even though it does not request sudo or create users.