rust-sota-arsenal
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's "CRITICAL: Web-Verify Before Acting" workflow explicitly instructs the agent to fetch and scrape open/public third-party content (e.g., WebFetch to https://crates.io/api/v1/crates/{crate_name}, WebSearch for changelogs, and a Firecrawl scrape of crates.io pages) and to use that information to verify versions and influence upgrade/refactor decisions, which clearly exposes the agent to untrusted user-generated/third‑party content that can materially change its actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly suggests using "sudo samply record" and even disabling SIP for dtrace, which instructs the agent to obtain elevated privileges and bypass system security protections.