ansible

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is a generic/unverified GitHub repository URL (https://github.com/user/app.git) — not a direct executable but an unknown/placeholder account could host malicious code, so treat it as potentially suspicious until the repo owner, activity, and contents are verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit examples that fetch and ingest public, user-provided content (e.g., "git: repo: https://github.com/user/app.git" and "ansible-galaxy install geerlingguy.nginx"), so the agent would read and interpret untrusted third‑party code/roles from GitHub/Ansible Galaxy as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit instructions that use --become / become: yes and show tasks that install packages, modify /etc/systemd and /etc/nginx files, and create user accounts—actions that require sudo and change the host system state.