environment-setup-guide

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes setup commands that fetch-and-execute remote scripts at runtime — for example https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh (Homebrew), https://deb.nodesource.com/setup_20.x (NodeSource), https://community.chocolatey.org/install.ps1 (Chocolatey), and https://get.docker.com (Docker) — which directly execute remote code and are presented as required installation steps.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes multiple privileged operations and system modifications (sudo apt installs, sudo usermod -aG docker, running remote install scripts like get-docker.sh and Homebrew/Chocolatey installers) which instruct changing the host system state and could be abused if executed by an agent, so it poses a meaningful risk.