hetzner-coder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly fetches and uses open-web content (e.g., the Firewalls section recommends tofu apply -var="admin_ip=$(curl -s ifconfig.me)/32" and references/ansible-integration.md runs curl -fsSL https://get.docker.com | sh), which causes the agent/environment to ingest and act on third-party data that can materially change provisioning or execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). I flagged the curl/pipe-to-sh command in the Ansible playbook (https://get.docker.com) because at runtime the playbook runs "curl -fsSL https://get.docker.com | sh", which fetches and directly executes remote code on provisioned servers.