hwpx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and processes user-provided .hwpx templates from /mnt/user-data/uploads (see USER_TEMPLATE = "/mnt/user-data/uploads/사용자양식.hwpx") and then uses ObjectFinder and ZIP-level text replacements to read and act on that untrusted, user-generated file content, which can enable indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt directs the agent to modify the host environment (copy files, run subprocesses that alter files) and explicitly tells to install a package with the --break-system-packages flag (an instruction to bypass package safety), which attempts to bypass system protections and change system state.