ssh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and README explicitly state the agent will "Execute commands on remote machines" and "Transfer files between local and remote machines," which requires fetching and reading content from arbitrary remote hosts (third-party machines) that could supply untrusted instructions or data influencing subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs generating SSH keys, creating and editing ~/.ssh/config, adding keys to ssh-agent and setting permissions—actions that modify the machine's persistent SSH configuration and network access (e.g., port forwarding) and therefore can change or compromise the agent host's state.