rclone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and references/cheatsheet.md explicitly instruct the agent to list and read files from configured remotes (e.g., "rclone lsjson remote:bucket/path" and "rclone cat remote:path/file.txt"), which are open/third-party cloud storage locations that can contain untrusted, user-generated content that the agent would parse and could influence follow-up sync/copy/delete actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly recommends privileged operations (apt/dnf installs and "curl ... | sudo bash"), mentions editing /etc/fuse.conf (a system file) and installing system FUSE packages, which push the agent toward making sudo-required changes to the host system.