arch-btw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs fetching and inspecting user-generated packages from public AUR/git URLs (e.g., "git clone https://aur.archlinux.org/package_name.git" and "Before building, inspect PKGBUILD" in references/packages-and-aur.md), which causes the agent to ingest untrusted third-party content that can influence build/install decisions and tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly guides privileged system-administration actions (pacman upgrades, kernel/initramfs rebuilds, bootloader updates, arch-chroot, systemd unit changes, etc.) that modify system files and require root access, so it pushes the agent to change/compromise the machine state.