nextdns-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required installation workflow explicitly instructs fetching and executing remote content (e.g., "sh -c 'sh -c "$(curl -sL https://nextdns.io/install)\"'") and references other public third‑party endpoints (GitHub, DockerHub, https://dns.google/dns-query), so the agent would ingest open/public third‑party content that can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill repeatedly instructs runtime execution of a remote installer via curl/sh using the URL https://nextdns.io/install (e.g., sh -c "$(curl -sL https://nextdns.io/install)"), which fetches and executes remote code and is relied on as the universal installer—so it directly executes external code at runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly covers installation, daemon control (start/stop/status), and system DNS/configuration tasks (including config files and platform-specific system setup) which require elevated privileges and modify system files, so it encourages changing the machine's state.