adguard-home

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Filter Management core task explicitly shows adding a blocklist from an arbitrary URL (python scripts/adguard_api.py add-filter --name "My List" --url "https://example.com/blocklist.txt"), which means the agent would fetch and ingest untrusted third‑party content that can change blocking behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run privileged sudo commands over SSH (restart services, copy/edit config files, update binaries) that modify system-level files and service state, which encourages changing the machine's state with elevated privileges.