environment-setup-assistant

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). Several setup scripts in the skill fetch and directly execute remote installer code at runtime (e.g., /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)", curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash, and curl https://pyenv.run | bash), which downloads and runs external code as required installation steps.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill generates and runs system setup scripts that install packages, invoke sudo apt-get, manage systemd services, and add users to groups (e.g., docker), all of which modify system-level state and require elevated privileges.