Nmap Scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs nmap against user-specified/arbitrary hosts (e.g., "sudo nmap -p- ", NSE scripts, and "nmap -p 80 --script http-*" with results saved to ./nmap-output) and parses those service banners/NSE outputs to decide follow-up scans, so it ingests untrusted third-party responses that can materially influence subsequent tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill repeatedly instructs the agent to run privileged commands (sudo nmap, root-only scans like -sS/-O/-sU) and to automatically retry/execute them, effectively pushing the agent to obtain and use sudo privileges on the host.