try

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly clones or installs arbitrary public packages/repos (Phase 0: "git clone --depth 1 into /tmp/try-/" and npm/pip install flows) and then instructs the agent to read README/docs/examples/tests (Phase 1 Recon), so it ingests untrusted, user-generated third‑party content from the open web that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones and installs user-specified git repositories at runtime (e.g., git clone --depth 1 https://github.com/some/repo.git) and may invoke the external try CLI (https://github.com/tobi/try); those fetched repos/packages are installed and executed as part of the workflow, so remote content can run code and directly affect the agent's execution.