crowdsec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md instructs use of cscli hub update / hub upgrade and enrolling with app.crowdsec.net (community console) to fetch and install community-contributed hub items and shared blocklist decisions — untrusted, user-generated content the agent ingests and that can materially change detection/ban behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs the agent to run multiple privileged operations (curl | sudo bash, apt install bouncers, sudo cscli commands, edit /etc configuration files, systemctl reload) that modify system services, firewall bouncers, and system files—clearly pushing the agent to change the machine state with root privileges.