ai-coding-agent-guardrails

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The install-secret-scanning.sh script performs git clone https://github.com/awslabs/git-secrets.git and then runs make install, which fetches and executes remote code at runtime and is relied upon as a required secret-scanning dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt includes host-level scripts and commands (useradd, chown/chmod/setfacl, iptables, apt-get, installing system tools, etc.) that create users and change filesystem and network settings—actions that require root and modify the machine state.