nvidia-nemoclaw

Warn

Audited by Snyk on Mar 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md shows that sandboxes/agents can make outbound requests to public hosts: it gives allowedEgressHosts examples such as "api.github.com" and "build.nvidia.com", a dev pattern with blockUnlisted: false, and an example, "Summarize the latest NVIDIA earnings report". The agent is therefore expected to fetch and interpret open/public web content, which could materially influence its actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes system-level installation (curl | bash), explicit sudo commands (sudo systemctl start docker, sudo usermod -aG docker $USER), and operations that create/configure sandboxes under /var, which push the agent/operator to modify the host system state and escalate privileges.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 05:52 AM
Issues: 2