whitepaper

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill auto-installs typst at runtime by downloading and extracting a GitHub release tarball (https://github.com/typst/typst/releases/latest/download/typst-x86_64-unknown-linux-musl.tar.xz) and placing an executable in /usr/local/bin, which fetches and effectively executes remote code that the skill depends on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly runs unattended privileged install commands (including sudo apt-get) and writes to system locations (e.g., /usr/local/bin) and mandates deletion of user source files without confirmation, so it instructs elevated and destructive state changes on the host.