adguard-home

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports adding blocklists from arbitrary URLs (e.g., "python scripts/adguard_api.py add-filter --url 'https://example.com/blocklist.txt'"), so it fetches and ingests untrusted public third‑party content that the agent will read/interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes SSH commands that run sudo to restart services, update binaries, copy and view system configuration files (e.g., systemctl restart, sudo cp, sudo journalctl, editing /opt/AdGuardHome/AdGuardHome.yaml), which modify system state and require elevated privileges.