harden

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs SSH commands against arbitrary user-supplied hosts (see sshExec/sshExecSafe in index.ts) and parses remote stdout (e.g., /etc/ssh/sshd_config, apt list, systemctl outputs) as part of its audit-and-fix workflow, so untrusted third-party host content can influence decisions and applied actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent to perform privileged, state-changing operations (install updates/packages, enable unattended-upgrades, configure UFW/fail2ban, modify SSH/root and sudo settings) on target servers, actions that require sudo and can modify the machine's state.