rodney

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to arbitrary public URLs (e.g., "rodney open " in SKILL.md and references/commands.md) and exposes commands like "rodney js", "rodney text", "rodney assert", and "rodney exists" that read and act on untrusted webpage content, so third‑party pages can materially influence tool behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes explicit privileged install steps (e.g., "sudo mv rodney /usr/local/bin/") that instruct running commands which modify system directories and require sudo, so it encourages performing privileged system changes even though most usage is user-level.