aflpp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs fetching and using content from open/public third-party sources—e.g., git clone and docker pull from GitHub/Docker Hub and an explicit curl -O to raw.githubusercontent.com plus guidance to "download example files"—which are untrusted user/public-generated resources that would be ingested and used as fuzzing seeds, exposing the agent to indirect prompt injection risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running root-only scripts (afl-system-config, afl-persistent-config), using --privileged Docker with host mounts, and disabling kernel security mitigations via update-grub/reboot, all of which require sudo or modify system security settings and thus compromise the machine state.