gitea-tea

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes commands that fetch and display external Gitea content (e.g., "tea issue 42", "tea pr 15", "tea issues list --repo owner/repo", "tea clone owner/repo") so the agent would ingest user-generated issues, PRs, comments and repository content from arbitrary/public Gitea instances, which are untrusted third‑party sources.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly instructs using sudo to install the tea binary (e.g., "sudo mv tea /usr/local/bin/"), which directs the agent to perform privilege-escalating system changes that modify machine state.