ascii-art

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public, user-contributed web content (e.g., curling and extracting art from https://ascii.co.uk, using the asciified.thelicato.io API, qrenco.de, wttr.in, and accepting remote image URLs for image-to-ascii), and the agent is expected to read and select/act on that content as part of its workflow—creating a clear vector for untrusted third-party content to influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill instructs installing system packages (sudo apt/snap installs and pip with --break-system-packages) and tells the agent to install missing tools, which pushes the agent to perform privileged, state-changing operations on the host.