ebpf-observability

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's installation workflow explicitly fetches and uses public third-party content (e.g., curl to raw.githubusercontent.com/stable.txt and downloading GitHub release tarballs in "Install Cilium CLI" and "Install the tetra CLI"), so external, untrusted web content is ingested and can change what the agent installs or executes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill contains runtime install commands that fetch and install executable artifacts (e.g., "https://github.com/cilium/cilium-cli/releases/download/.../cilium-linux-amd64.tar.gz", "https://github.com/cilium/hubble/releases/download/.../hubble-linux-amd64.tar.gz", "https://github.com/cilium/tetragon/releases/latest/download/tetra-linux-amd64.tar.gz", and "https://github.com/brendangregg/FlameGraph.git") which download remote code and place/execute binaries/scripts as required dependencies.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running sudo commands, mounting /sys/fs/bpf, changing sysctl settings, installing system binaries, and deploying cluster-level components and eBPF programs that modify kernel state and require elevated privileges, so it directs actions that can change/compromise the host.