automation-script-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes code that fetches and processes data from open/public sources—notably the GitHub API example that calls https://api.github.com/users/{username}/repos and the generic fetch_data_from_api function that performs requests.get(url)—which consumes untrusted, user-generated third-party content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes scripts that perform privileged system actions (e.g., "sudo systemctl restart", registering scheduled tasks as SYSTEM, writing to /var/backups or /var/log, creating cron jobs and restarting services), which instruct or encourage modifying the host system state and require elevated privileges.