devops-deployer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "MCP Server Integration" explicitly lists a "Web Search" (and "Firecrawl" documentation) server to retrieve "latest DevOps practices" and tool documentation from the public web, meaning the agent will fetch and read untrusted third‑party content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill instructs the agent to design and implement infrastructure, system services, Kubernetes clusters, and deployment/monitoring scripts which inherently involve modifying system files, services, and configurations (often requiring elevated privileges or creating accounts), so it pushes the agent toward changing the host state.