ssl-tls

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes scripts that fetch and parse remote, user-specified TLS data (e.g., the "检查证书过期" script uses "openssl s_client -connect ${DOMAIN}:443 -servername ${DOMAIN}" and the curl call to the SSL Labs API), so it ingests untrusted third-party content from arbitrary domains that the agent would read and interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains commands that install packages (apt/yum), enable/start systemd timers, reload system services, and reference system paths like /etc/letsencrypt — all actions that modify the host system and typically require sudo/root, so it instructs changes to machine state.