using-webctl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill issues browser navigation and scraping commands that fetch and process arbitrary external web pages (see SKILL.md examples like webctl navigate "https://..." and webctl snapshot / webctl query which capture and interpret page content), so it ingests untrusted public third‑party content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying system package files under /usr/local/lib (copying auth_proxy.py and patching session_manager.py) and uses pip install with --break-system-packages, which requires elevated privileges and alters the machine state, so it should be flagged.