infostealer-malware-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Step 3 "Cross-Reference with Public Sources" requires the agent to query and interpret live public threat-intel sites (VirusTotal, MalwareBazaar — see the curl example and fallback links) and uses those third-party responses to make verdicts that drive quarantine/AV decisions, which clearly exposes the agent to untrusted public content that can influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly requires admin/root privileges and directs the agent to scan the whole filesystem, move/quarantine files, and perform registry/startup cleanup and AV scans—actions that modify the machine state and require elevated (sudo) access.