sync-dotfiles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's sync.sh will automatically clone the public repo https://github.com/camacho/ai-env into /tmp (resolve_ai_env_root) and may run npx to install skills from a public npm/GitHub repo (DEFAULT_SKILLS_REPO), and those third‑party files are read/merged and used to modify local configs or install code—so untrusted public content can directly influence actions and configuration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls git clone at runtime to fetch https://github.com/camacho/ai-env.git (used as the ai-env/dotfiles source, including CLAUDE.md which can directly control agent prompts) and the clone is relied on as a fallback repository, so remote content fetched at runtime can control prompts.