netease-music-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md requires pulling/searching NetEase Music data (e.g., "拉取红心歌单曲目" and "按策略执行搜索命令" and emitting https://music.163.com/... links and using coverImgUrl), which are open/public, user-generated music/playlist pages that the agent must read and interpret to make recommendations and drive actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). Flagged because the skill explicitly instructs the agent to run shell commands that modify the machine's state (e.g., updating crontab, syncing schedulers and plist, writing ~/.config JSON files and downloading temp images), which changes system/user-level configuration even though it doesn't request sudo or create users.