define-slo-sli-sla

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The procedure includes runtime installation commands that fetch and install remote executables (wget https://github.com/slok/sloth/releases/download/v0.11.0/sloth-linux-amd64 and docker pull ghcr.io/slok/sloth:latest), which download and run external code the skill relies on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes explicit privileged installation steps (e.g., "sudo mv sloth-linux-amd64 /usr/local/bin/sloth") and instructions that modify system configuration and load Prometheus rules, which direct the agent to perform actions requiring elevated privileges and thus can change machine state.