fail2ban-swag

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and tests live web-request logs (e.g., $SWAG_APPDATA_PATH/log/nginx/access.log and fail2ban.log via cmd_nginx_access_log, cmd_logs, cmd_test_filter in scripts/fail2ban-swag.sh and the SKILL.md), which are untrusted, user-generated third‑party content that the agent parses and uses to create filters and trigger ban/unban actions, so those external inputs can materially influence tool use and decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs the agent to perform state-changing administration (create/edit jails and filters, ban/unban IPs, reload fail2ban, modify iptables/DOCKER-USER chain, and restore configs) which alters the host/container network and security posture and can require elevated privileges, so it encourages modifying the machine's state.