github-dns-helper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The script (scripts/fix_github_dns.py) fetches hosts data from public URLs listed in DEFAULT_HOSTS_URLS (and also accepts arbitrary -u custom URLs per SKILL.md), then parses and writes that untrusted, user-provided content into the system hosts file and uses it to drive connectivity checks and remediation, so third-party content can materially change agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs changing /etc/hosts ownership/permissions and running sudo to modify a system file (and to enable passwordless modifications), which alters machine state and bypasses normal security protections, so it should be flagged.