waf-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly instructs fetching a public third-party repository (git clone https://github.com/coreruleset/coreruleset) to install OWASP CRS, which means the agent will ingest and apply externally sourced rule content from an open/public site as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs modifying system-level configuration and files (e.g., /etc/nginx/modsec, nginx.conf, installing modules), and running commands that would typically require sudo or change the host's state, so it risks compromising the machine state.