nmap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs nmap against user-supplied targets (e.g., sudo nmap ... and nmap --script "http-*" ) and parses NSE and service/banner outputs saved in the .nmap/.gnmap files, which means it ingests untrusted, potentially user-generated content from arbitrary public hosts/URLs.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill repeatedly instructs the agent to run sudo/root-only nmap scans (e.g., SYN/UDP/OS detection) and recommends evasion flags (‑Pn, source-port tricks, fragmentation), effectively pushing the agent to obtain elevated privileges and bypass security controls.