server-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly SSHs into a user-specified target and ingests outputs and file contents from that remote system (e.g., the SKILL.md audit steps that run ssh $SSH_TARGET "grep ... /etc/ssh/sshd_config", cat /etc/passwd, read authorized_keys, curl localhost, find .env/*.key, etc.), which are untrusted third-party content and are parsed to drive scoring and repair actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged because the skill explicitly executes privileged system modifications (apt-get/install, editing /etc/* files, systemctl enable/disable/restart, ufw changes, usermod/deluser, changing SSH/Nginx/database configs, etc.) over SSH which require root/sudo and alter the machine state.