deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's verify.sh explicitly curls an arbitrary HEALTH_URL (and the Makefile also reads $HEALTH_URL) and parses that untrusted endpoint's JSON 'version' to decide verification/rollback, so remote third-party content can directly influence deploy actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The generated scripts perform system-level changes—writing to /var/log, altering /app/current symlink, and running "nginx -s reload"—which modify machine state and typically require elevated (sudo/root) privileges, so the skill does push the agent to affect the host system.