ansible-coder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes third-party content — e.g., installing community Ansible Galaxy roles via "ansible-galaxy install -r requirements.yml" and running a remote install script with "curl -fsSL https://get.docker.com | sh" — which are public, third-party-controlled resources that will be read/executed as part of the workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The playbook includes runtime tasks that execute remote code via a shell pipe (ansible.builtin.shell: curl -fsSL https://get.docker.com | sh), meaning https://get.docker.com is fetched during runtime and its content is executed on target hosts.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly guides creating and running Ansible playbooks that use become/root access and modify system files and services (e.g., /etc/ssh/sshd_config, systemd units, package removal, ufw/sysctl), which instructs actions that can change the machine state and require bypassing or using elevated privileges.