logcli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill clearly fetches and ingests untrusted, user-generated log content from arbitrary Loki endpoints (see SKILL.md examples and scripts/logcli.sh / scripts/lib/common.sh which accept --url or LOKI_URL/LOKI_URL* and then run_logcli to return raw log lines to stdout), so third-party log data can be read by the agent and materially influence subsequent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs docker run grafana/logcli:latest (pulled via docker pull / Docker Hub), which is fetched at runtime, is a required dependency, and executes remote container code on the host, so it constitutes a runtime external dependency that executes remote code.