app-platform-troubleshooting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly execute and analyze untrusted app-generated content (e.g., fetching runtime/build logs via "doctl apps logs" and reading HTTP responses and files with app.exec("curl ..."), app.filesystem.read_file("/app/...") in SKILL.md and reference/live-troubleshooting.md and reference/logs-analysis.md), so external/user-controlled content is ingested and used to drive diagnostic decisions and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's debug workflow deploys external container images hosted on GHCR (e.g., ghcr.io/bikramkgupta/debug-python:latest and ghcr.io/bikramkgupta/debug-node:latest), which are fetched and run at runtime (executing remote code) and are presented as required debug dependencies.