macos-brew

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill's Integration Notes explicitly instruct fetching and running a public install script from raw.githubusercontent.com (/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)") and document adding arbitrary external taps (e.g., brew tap <user/repo>), which cause the agent to fetch and execute/interpret untrusted third-party repository content that can change subsequent tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly recommends running a runtime fetch-and-execute command that downloads and runs remote code from https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh (via /bin/bash -c "$(curl -fsSL ... )"), which directly executes remote code as part of setup.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs modifying system state (installing packages and services, editing PATH and shell config), recommends bypassing macOS security (--no-quarantine, curl|bash) and suggests running sudo (e.g., chown /opt/homebrew), which encourages privilege escalation and altering system files.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 05:47 PM