exe-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly references and expects interaction with arbitrary public exe.dev VM URLs (e.g., https://.exe.xyz/ and the Shelley agent at https://.exe.xyz:9999/) and notes the Shelley agent reads VM-hosted files like ~/.config/shelley/AGENTS.md, which are untrusted third-party content that the agent would consume.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill directly instructs creating and managing persistent VMs (create VMs, change ports, make public) and explicitly includes adding users via SSH (e.g., "ssh exe.dev share add "), which modifies machine state and can create accounts or change access, so it should be flagged.