dotfiles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly clones and applies arbitrary public dotfiles repositories (e.g., SKILL.md bootstrap script's git clone https://github.com/user/dotfiles.git and the "chezmoi init https://github.com/user/dotfiles.git" step), which fetches untrusted, user-generated content from the public web and applies it to the environment, so that third-party content can materially influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to modify user/system configuration and install packages (including editing ~/.ssh/config and running bootstrap scripts that change files), which alters machine state and can affect access/security, so it should be flagged.