sca-trivy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly instruct scanning and ingesting artifacts from open third-party sources—e.g., "trivy image nginx:latest", registry examples (registry.example.com/private/image:tag), "trivy fs .", and SBOM generation—so the agent will fetch and parse untrusted container images, filesystem/IaC files and their metadata from public registries/repos and then use those findings to drive remediation and CI/CD decisions, which could enable indirect prompt-injection via attacker-controlled content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The GitHub Action reference aquasecurity/trivy-action@master (https://github.com/aquasecurity/trivy-action) is invoked in the provided CI workflow and would be fetched and executed at runtime as an external dependency, so it constitutes a runtime external dependency that executes remote code.