ollama-setup
Warn
Audited by Snyk on Apr 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly fetches and runs content from public Ollama endpoints (e.g., "curl https://ollama.com/install.sh", "ollama pull" and the referenced "Ollama Model Library" URL) and then consumes model outputs as part of automated workflows (for example the CI code-review example that parses model JSON to decide pass/fail), so third-party model content could indirectly inject instructions that influence tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote code as required install steps — e.g., "curl -fsSL https://ollama.com/install.sh | sh" and "curl -L https://ollama.com/download/ollama-linux-amd64 -o ollama-linux-amd64" — so the external URLs directly supply executable content controlling installation.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs installing system software (including curl | sh), starting system services with sudo/systemctl, configuring systemd/Docker services, and installing drivers—actions that modify system state and require elevated privileges.