ttyd-remote-terminal-wsl2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill starts a web-accessible ttyd terminal exposed via public tunneling services (notably ngrok's public URLs described in the "Choose Your Tunnel Service" and "Start Session" sections), meaning arbitrary third-party users can connect and supply input that the terminal/agent will read and execute.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill starts a tunnel and prints a runtime public URL (e.g., https://abc123.ngrok-free.app) which external users can open to interact with the ttyd web terminal and thereby execute commands on the host, so the external tunnel URL is a runtime dependency that enables remote code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly instructs installing system packages (apt), running a sudo command (sudo tailscale up), and creating/enabling a systemd service to auto-start a remote web terminal—actions that modify system state and can expose or elevate access to the host.