debugging-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's installer and debugger-install docs (scripts/install-dap.sh and references/installing-debuggers.md) explicitly curl the public GitHub API and download release assets from github.com, so the agent/script ingests untrusted, user-controlled third-party content (release metadata and binaries) that directly determines what is fetched and executed.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installer script (scripts/install-dap.sh) fetches release metadata via https://api.github.com/repos/AlmogBaku/debug-skill/releases/latest and then downloads a release binary from https://github.com/AlmogBaku/debug-skill/releases/download/$TAG/$ASSET_NAME at runtime — this retrieves and installs/exposes remote executable code that the skill relies on, so it executes remote code and is a required runtime dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). Although the skill is primarily a benign interactive debugger and only recommends installing a debugger, it explicitly mentions disabling macOS System Integrity Protection ("csrutil disable"), which is an instruction to bypass a security mechanism and therefore poses a security risk.