container

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflows and scripts explicitly fetch and run arbitrary public container images and registry data (e.g., SKILL.md and scripts/container-images.nu use "container image pull", scripts/container-lifecycle.nu and scripts/container-images.nu read "container logs" and "container image inspect"), which are untrusted third-party sources whose contents the agent would read and could materially influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill directs the agent to manage system-level container services and modify system properties (start/stop system service, set kernels, DNS entries, networks/volumes, builder/system properties), which change host state and likely require elevated privileges and can compromise the machine.