use-instavm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports browsing and fetching arbitrary public web content (references/platform.md shows browser.create_session and session.navigate), pulling public code/images (references/compute.md includes git_clone_url and OCI image builds), and allows external egress configuration (references/access.md), meaning the agent can ingest untrusted, user-controlled third-party content that could materially influence builds or runtime actions.