docker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime instructions (e.g., the "sudo docker run hello-world" command in SKILL.md/README.md) implicitly fetch and execute a container image from public registries (Docker Hub), exposing the agent to untrusted, user-provided content whose output the agent would read/interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs using sudo to start the Docker daemon and run containers, which requests elevated privileges and performs system-level changes that can compromise the machine's state.