distributed-job-safety

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Deployment Checklist explicitly instructs pulling remote code and packages (e.g., "ssh host 'cd ~/project && git fetch origin main && git reset --hard origin/main'" and "uv pip install ...") and then inspecting the fetched source with inspect.getsource() to decide between actions such as restart and force-refresh. Untrusted public content from Git/PyPI is therefore fetched and interpreted as part of the required workflow, which creates an indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's deployment steps explicitly fetch and install remote code at runtime through git operations and package installs ("git fetch/reset" and "uv pip install") that reference remotes such as https://github.com/owner/repo.git and https://pypi.org/simple/. This would cause externally fetched code to execute on the target host. https://github.com/owner/repo.git is flagged as an example runtime external code source.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 12:52 PM