security-headers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's core workflow (Phase 1 "Header Detection and Analysis" and usage examples like security-headers https://example.com) and Phase 6 "Online Tools Integration" explicitly fetch and parse HTTP responses from arbitrary public URLs (via curl -sI and curl of securityheaders.com), meaning untrusted third‑party header/content is ingested and used to drive analysis and generated configurations.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill generates and installs configuration files and provides templates that modify webserver/system configuration (nginx, Apache, header files, installing packages and writing middleware), which can change the machine's state and may require elevated privileges, even though it doesn't explicitly request sudo or create users.