cyrus-setup-prerequisites

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime install command that fetches and pipes a remote script to bash from https://deb.nodesource.com/setup_22.x which executes remote code to install Node.js (a required dependency), so the URL directly controls code executed during runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs installing system-level packages (including explicit sudo apt commands), global package installs, and creating configuration directories, which modify system state and require elevated privileges, so it poses a high risk of compromising the host.