pma-rust

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs loading and re-verifying claims by cloning public GitHub repositories (see references/evidence.md: "To re-verify any claim: git clone ... https://github.com//.git"), so it expects the agent to fetch and interpret untrusted, user-generated third‑party content which can materially influence its decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). It recommends system-level changes (systemd LimitCORE, kernel.core_pattern, container ulimit flags) that require privileged edits of system files/settings, so it could push an agent to modify the machine state even though it doesn't explicitly request sudo or user creation.