act-docker-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill instructs pulling and using public Docker images (e.g., "docker pull catthehacker/ubuntu:act-latest", references to node:20, python:3.12, and publishing/using username/act-runner on Docker Hub), which are open, user-published third‑party artifacts that the agent would ingest/run as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged because the skill recommends risky host-affecting actions—mounting the Docker socket, running containers privileged or with SYS_ADMIN/NET_ADMIN, bind-mounting host paths, running as root, and running destructive host Docker commands—which can allow container breakout or otherwise modify/compromise the machine state.