managing-configuration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and executing content from public third-party sources (e.g., ansible-pull -U https://github.com/org/ansible-repo.git, get_url examples, and references to public GitHub repositories and dynamic inventory plugins that query cloud provider APIs), so an agent following the workflows could ingest untrusted, user-controlled content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs configuring OS-level settings (packages, services, files like /etc/*), uses privilege escalation (become: yes) and playbook examples that would create or modify system state—actions that can change or compromise the host the agent runs on.