cc-connect-ai-bridge
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly forwards user messages, images, and voice from external messaging platforms (Telegram, Slack, Discord, Feishu, etc.) to local agents as part of normal operation (see "Chat Commands" and "For images/screenshots: just attach the image in chat. cc-connect forwards it to multimodal-capable agents."), and those untrusted, user-generated inputs can drive actions like /shell and /cron, so third-party content can materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill tells users to send a prompt to a local AI agent to "Follow https://raw.githubusercontent.com/chenhg5/cc-connect/refs/heads/main/INSTALL.md" so at runtime the agent will fetch and follow remote INSTALL.md instructions (which control installation/configuration and may include executed commands), making this raw.githubusercontent URL a runtime external dependency that directly controls agent behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes direct instructions that use sudo to install a binary into /usr/local/bin and global npm installs (which may require elevation), and it exposes an admin /shell command that allows arbitrary shell execution, all of which enable modifying system state and require or encourage privilege use.
Issues (3)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata