perf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The cheatsheet (references/cheatsheet.md, "Generate a flame graph") explicitly instructs cloning and using the public Brendan Gregg FlameGraph GitHub repo (https://github.com/brendangregg/FlameGraph), which pulls and executes untrusted third‑party code as a required part of the workflow, allowing that external content to materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The cheatsheet explicitly instructs cloning and then running Brendan Gregg's FlameGraph scripts (https://github.com/brendangregg/FlameGraph), which fetches remote code that is executed as part of the profiling workflow, so this external URL is a runtime dependency that executes fetched code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly advises running as root, changing kernel.sysctl settings (kernel.perf_event_paranoid), installing kernel-matched packages, and granting container capabilities/privileges (--cap-add=SYS_ADMIN or --privileged), all of which require or encourage elevated privileges and modifications to system/kernel or container security state.