git-advanced

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs fetching and installing content from public, user-maintained sources (e.g., git clone and git submodule add with GitHub URLs and the .pre-commit-config.yaml that pulls hooks from https://github.com/…), which will ingest and run untrusted third-party code/config that can influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes explicit sudo commands that write to system locations (e.g., /usr/share, /etc/apt/sources.list.d) and install packages, i.e., it contains instructions that modify system files requiring elevated privileges, so it can change the machine state.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 03:49 PM