freellmapi-proxy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The proxy sends requests to external third-party LLM providers (e.g., Google/Gemini, Hugging Face, OpenRouter, etc.) and consumes their model responses—including executing model-initiated tool calls as documented in the "Tool Calling" section of SKILL.md—so untrusted provider outputs can directly influence agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes production deployment steps that modify system-level configuration (nginx site files under /etc), install global services (pm2, system startup), and instruct editing system configs—actions that require sudo/administrative privileges and change the machine state.