testcontainers-guide-migrator
Warn
Audited by Snyk on May 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning and reading public GitHub repos for testcontainers guides (git clone https://github.com/testcontainers/{REPO_NAME}.git in Step 1 and references to testcontainers.com/guides), and those repository files are parsed, converted, and used to drive code updates, compilation, and test-running—so untrusted third-party content is ingested and can materially influence the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git clone --depth 1 https://github.com/testcontainers/{REPO_NAME}.git at runtime to fetch repository source which is then compiled and executed (tests run inside containers), so remote code is fetched and executed as a required dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs the agent to clone repos, create files, and run Docker containers that mount the host Docker socket (and run build/test commands), which can modify host state and grant powerful control over the machine via the Docker daemon, so it poses a moderate risk.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.