mdm-device-management

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The onboarding script fetches and executes remote code at runtime via /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" and also downloads https://internal.yourcompany.com/brewfile which directly controls what packages are installed, so these URLs are runtime external dependencies that execute remote code/control installation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes numerous privileged and state-changing instructions (sudo commands, FileVault/BitLocker enablement, registry edits, system profile modifications, onboarding scripts, and remote wipe commands) that instruct the agent to modify or destructively control the host machine, so it should be flagged.