ppio-sandbox
Warn
Audited by Snyk on Mar 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's installation and update steps explicitly curl public files from raw.githubusercontent.com (https://raw.githubusercontent.com/PPIO/ppio-skills/.../SKILL.md and references/cli-reference.md) and instruct the agent to read the fetched references/cli-reference.md for command details, so the agent fetches and interprets public GitHub content that could contain untrusted instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's install/update steps instruct the agent to curl and save remote skill files (e.g. https://raw.githubusercontent.com/PPIO/ppio-skills/main/skills/ppio-sandbox/SKILL.md and the companion cli-reference.md) at runtime, which would directly inject/replace the skill's prompts/instructions and thus control agent behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). Flagged because the skill instructs the agent to perform system-level installation and file writes (e.g., global npm installs, apt-get node setup) and includes sudo commands, which push the agent to modify the host system state and potentially obtain elevated privileges.
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUM Attempt to modify system services in skill instructions.
Audit Metadata