hosting-karakeep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary third‑party/user-generated web content (SingleFile uploads to https://archive.greenhead.dev/api/v1/bookmarks/singlefile, archived HTML inspected by the fallback sync under /mnt/data/archive-fallback, webhook payloads and URLs extracted by the log-monitor/failed-urls.queue) and uses that content to drive reuploads, tagging (OpenAI), and automated actions, so untrusted content can materially influence tool behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly includes sudo systemctl commands and references editing NixOS system configuration and service files (system-level operations), which instruct the agent to perform privileged modifications to the host system.