hydra-head-troubleshooter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Snapshot side-loading" step explicitly fetches and ingests snapshot JSON from peer hosts (curl -s http://healthy-node:4001/snapshot and POST to http://out-of-sync-node:4001/snapshot), which causes the agent to read arbitrary peer-provided (potentially untrusted) content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The wrapper script scripts/hydra-node.sh will invoke docker run using the default IMAGE ghcr.io/cardano-scaling/hydra-node at runtime (if hydra-node is not installed), which pulls and executes remote code from that URL and is relied upon as a required fallback—constituting a runtime external dependency that executes code.