ctf-forensics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly instructs fetching and ingesting untrusted public content (e.g., "aws s3 ls/cp s3://target-bucket" in references/disk-and-memory.md under "Cloud Storage Forensics" and "gitdumper.sh https://target/.git/" in references/linux-forensics.md), so the agent workflow includes reading arbitrary third‑party/web-hosted data that could influence subsequent analysis and tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly includes privileged commands (e.g., "sudo mount -o loop,ro image.dd /mnt/evidence") and other filesystem-modifying/tools that require elevated privileges and can change the host's state, so it pushes the agent toward privileged operations.