celery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill includes example tasks that fetch and ingest arbitrary public URLs and external payloads (e.g., fetch_url and fetch_and_process that call requests.get(url), fetch_data/download(source), and webhook handlers that accept external webhook_data), so it clearly exposes the agent to untrusted, user-provided third-party content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit /etc/systemd/system service unit files and production service/daemon setup (PIDfiles, /var/log, User=celery) which directly instruct creating/modifying privileged system service files and altering system state requiring root privileges.