Jutiku_Quiz_Expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and processes arbitrary user-provided documents from $WORK_DIR (converted into $WORK_DIR/source/*.md via markitdown) and uses that content to generate questions, which exposes the agent to untrusted third-party/user-generated content that could carry indirect prompt injections.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to attempt installing system software (e.g., "sudo apt install", "winget install") and to request permission to perform automatic installs, which requires elevated privileges and can modify the machine state.