ansible

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and installing community roles from the public Ansible Galaxy (e.g., "ansible-galaxy install geerlingguy.apache" in Common Commands/API), which ingests user-generated third-party code that Ansible will interpret and execute, allowing external instructions to influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running playbooks with --become (sudo elevation), shows tasks that install packages and start services, and even suggests bypassing host key verification via ANSIBLE_HOST_KEY_CHECKING=False, which encourages modifying system state and bypassing security mechanisms.