sealos-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow ingests outsider-authored free text from the user-supplied GitHub project by cloning it (or using the current local repo) and then reading files like README.md, docker-compose*.yml, and .github/workflows/*.yml into the agent/LLM context for analysis and template generation (e.g., Phase 3/2/1 file reads).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The preflight instructions include a runtime install command that fetches and executes remote code via curl -fsSL https://get.docker.com | sh (used when Docker is missing and the user agrees), which is a high-confidence external dependency that executes remote code at runtime.