ansible

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows fetching and installing code/assets from public, untrusted sources (e.g., "git: repo: https://github.com/org/app.git", "get_url: url: https://example.com/app.tar.gz", and requirements.yml/ansible-galaxy entries like src: https://github.com/org/custom-role.git), which Ansible would ingest and execute as part of playbooks/roles, allowing third-party content to materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime tasks that fetch and execute remote code — e.g., git: repo=https://github.com/org/app.git (followed by running ./migrate.sh), get_url: https://example.com/app.tar.gz, and requirements.yml src=https://github.com/org/custom-role.git — so these URLs are used at runtime to retrieve content that can be executed.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill contains explicit examples that use become/--become, create users (including sudo group), edit /etc and systemd files, and add sudoers entries (NOPASSWD), all of which require elevated privileges and can modify the machine's state and security posture.