terminal-session

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) explicitly uses tmux capture-pane to read terminal output from sessions like SSH and Claude Code and then conditionally sends keys (e.g., grepping for "proceed" and auto-sending 'y'), so untrusted/remote terminal content can be ingested and directly influence the agent's actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs creating/killing tmux sessions and includes a recommendation to disable SSH host key checking (ssh -o StrictHostKeyChecking=no), which bypasses a security mechanism and enables altering machine state and remote connections even though it doesn't request sudo or edit privileged system files.