customize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly requires adding input channels that ingest messages from external user-generated sources (e.g., src/channels/whatsapp.ts and instructions to add Telegram/Slack/email channels), and states that incoming messages are stored and routed for agent processing, meaning untrusted third-party content would be read and could influence agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly tells the agent to create and modify service files and change deployment (including systemd/launchctl steps and restart commands), which can modify system-level configuration and thus potentially change machine state, although it does not explicitly instruct privilege escalation or creating users.