ansible-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The playbook (roles/application/tasks/main.yml shown in SKILL.md and references/playbook-structure-and-best-practices.md) explicitly runs a git clone of app_repo_url (example: https://github.com/myorg/myapp.git) and builds/runs that code, so the skill fetches and executes public, user-hosted repository content which can materially change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The playbook's roles/application task clones and builds the external repository https://github.com/myorg/myapp.git at runtime, causing fetched remote code to be built and executed (as a Docker image), so this URL is a required runtime dependency that can execute remote code.