cloud-deployment-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs fetching arbitrary third-party code via "git clone YOUR_REPO" (and other external fetches like curl from deb.nodesource.com), meaning untrusted/user-provided repository content would be ingested and used in the deployment workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs creating a new user and adding it to sudo (adduser deploy && usermod -aG sudo deploy), running commands with sudo (curl ... | sudo -E bash -), and modifying system-level services/configs (nginx, certbot, /etc/nginx), all of which change the machine state and require elevated privileges.