git-onboarding-auto

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and executes open third-party code (e.g., /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)") and also supports cloning arbitrary repository URLs (git clone ), both of which are untrusted, user-controlled sources the agent will ingest and that can materially alter its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs a runtime command that fetches and executes remote code via curl: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)", which executes remote content and is relied on to install Homebrew (a prerequisite for installing gh).