getting-started

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's installation steps use curl to download and install executables from https://github.com/acquia/cli/releases/latest/download/acli and https://github.com/acquia/cli/releases/latest/download/acli.phar, which are runtime-fetchable binaries that would be executed locally (remote code execution) and are required for the skill's operation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.50). The skill instructs writing a binary to /usr/local/bin and changing executable bits and shell rc files, which modify system-level files (actions that often require sudo) and thus affect the machine state.