ansible-error-handling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly includes a "Download release" task that uses ansible.builtin.get_url to fetch "https://releases.example.com/{{ app_version }}", which clearly instructs the agent/runtime to retrieve and unarchive external content that can materially influence later actions (unarchive/start), exposing it to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The playbook uses ansible.builtin.get_url at runtime to download and unarchive "https://releases.example.com/{{ app_version }}.tar.gz" and then starts the deployed application, meaning remote content is fetched during runtime and executed as a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains playbook examples that stop/start systemd services, copy files into system paths (e.g. /usr/bin, /opt), and uses become: true and sudo install instructions — all actions that modify the host system and require elevated privileges.