caddy-certificate-maintenance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly calls out fetching and parsing certificates from external hosts (e.g., openssl s_client connecting to domains like pihole.temet.ai and the loop over domains) and references public certificate transparency data (https://crt.sh/?q=temet.ai), and those externally-sourced certificate/CT entries are parsed and used to decide renewals and trigger actions (reload, delete/recreate volumes), so untrusted third‑party content can materially influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs stopping/starting containers, deleting and recreating Docker volumes, copying/restoring files under /var/lib/docker and /home (including .env), and other destructive maintenance steps that modify system state and require elevated privileges, so it can compromise the machine if misused.