deploying-software-defined-perimeter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's bundled scripts clearly fetch and parse data from user-supplied network endpoints (e.g., scripts/agent.py's SDPControllerClient posting to controller_url and GETting /admin/* endpoints, and scripts/process.py scanning hosts and reading TLS/certificate responses), and those untrusted responses are interpreted to produce reports and findings, exposing the agent to untrusted third‑party content that could influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs installing and configuring system-level components (controllers/gateways), changing firewall/default-drop rules, opening listeners and managing certificates—operations that modify host state and require elevated privileges—so it encourages actions that can compromise the machine.