orcahand

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's bootstrap and install workflow (scripts/orcahand_init.py and the installation instructions in simulation-setup.md/dependency-graph.md) explicitly clone public GitHub repositories and pip-install packages (e.g., orca_sim, orca_core, orca_retargeter), causing the agent/runtime to fetch and execute code and content from open/public third‑party sources that can influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The bootstrap script scripts/orcahand_init.py clones and then installs remote Git repositories at runtime (e.g., https://github.com/orcahand/orca_core.git, https://github.com/orcahand/orca_sim.git, https://github.com/orcahand/orcahand_description.git, https://github.com/orcahand/orca_retargeter.git, https://github.com/orcahand/rwr_system.git), which fetches and causes execution/installation of remote code that the skill relies on.