claude-code-web-docker

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill instructs running networked builds and sandboxes (e.g., "csb build --host-network --insecure", "csb create --egress=all") and shows examples using curl and npm, which enable fetching arbitrary public web content and packages that the agent would ingest and act on.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running sudo commands to install and manage Docker (sudo apt-get, sudo dockerd, sudo pkill), disables kernel security features (iptables/bridge) and encourages bypassing TLS verification (curl -k, npm strict-ssl false), all of which modify system state and weaken security.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 12:26 AM