podman

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly includes commands that fetch and run content from public container registries and artifact locations (e.g., "podman pull alpine:latest", "podman artifact pull oci://registry.example.com/artifact", and "podman auto-update" from registries) and also instructs inspecting logs/inspect output, so the agent can ingest and interpret untrusted third‑party image/artifact content and runtime output.