deeplake-managed

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md clearly documents ingesting external, public datasets (e.g., client.ingest(..., {"_huggingface": "mnist"/"cifar10"}) and LeRobot episodes that pull data via git-lfs and read annotation JSONs), so the agent will fetch and process untrusted, user-provided web-hosted content which can materially influence queries, training, and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes an explicit instruction to run a privileged system command ("sudo apt-get install ffmpeg"), which directs the agent to modify system state using sudo (a privileged operation), even though the rest of the skill is benign SDK documentation.