ollama

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows the agent downloading and running community models (e.g., "ollama run ..." and "ollama pull model_name") and installing from https://ollama.com/install.sh, meaning it fetches and executes public, third-party model artifacts whose behavior/output the agent will read and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation step runs a remote shell script at runtime via "curl -fsSL https://ollama.com/install.sh | sh", which downloads and executes external code as a required dependency to install Ollama.