remote-bash

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill executes commands that fetch and read files from arbitrary public GitHub repositories, exposing the agent to untrusted, user-generated content on GitHub which it will read and interpret as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill explicitly fetches and runs bash commands against arbitrary public GitHub repositories at runtime (e.g., https://github.com/{owner}/{repo}), meaning remote repository content can be fetched and executed as code and is a required runtime dependency.