customize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly ingests and processes user-generated messages from third-party channels (e.g., src/channels/whatsapp.ts and instructions to add src/channels/{name}.ts with onMessage callbacks and processGroupMessages), meaning the agent reads and acts on untrusted external content such as WhatsApp/Telegram messages which can influence its actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs modifying deployment and creating service files (and shows systemctl/launchctl restart steps), which can lead an agent to alter system service files or other system-level state even though it doesn't explicitly request sudo or user creation.