dns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill contains many commands that query arbitrary public domains and public DNS servers (e.g., dig/nslookup/host examples like "dig example.com", "dig @8.8.8.8 example.com" and "dig +trace example.com"), so an agent following the workflow would fetch and interpret untrusted, user-controlled DNS records (including TXT data) from the open Internet.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes commands that modify system files under /etc, manage services with systemctl, and install/restart system daemons (and even uses sudo in examples), which require elevated privileges and can change the machine state.