ansible-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Handling Custom Modules and Collections" workflow explicitly instructs the agent to perform WebSearch and fetch external library documentation (including via mcp__context7__get-library-docs) and to analyze those public search results to determine module parameters and generate playbooks, which means it ingests untrusted open-web content that can materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly generates Ansible playbooks/roles that set become: true, manage services and system files (eg. /etc/nginx/nginx.conf), run commands as other users, and includes localhost examples — thus it directs the agent to create artifacts that require sudo and can modify the host's state even if it doesn't itself execute them.