build-pmars

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to download and inspect Debian source packages (e.g., "apt-get source pmars") and to read upstream files like Makefile, README, and debian/control from public package repositories, which are untrusted third-party content the agent must parse as part of the workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs editing system files (e.g., /etc/apt/sources.list*), running apt-get installs/updates, and copying binaries to /usr/local/bin—actions that require elevated privileges and modify the machine's system state.