hetzner-server

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.75). The Hetzner console URL is legitimate, but the raw.githubusercontent.com link points to a directly-executable install.sh (curl|bash pattern) from a personal repo — running raw scripts from user repos can execute arbitrary commands and is therefore potentially dangerous without review.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's user-data example explicitly curls and executes a script from raw.githubusercontent.com (https://raw.githubusercontent.com/connorads/dotfiles/master/install.sh), a public GitHub URL containing arbitrary third-party content that the agent would fetch and run during server setup, exposing it to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's user-data example directly downloads and executes remote code at runtime via "curl -fsSL https://raw.githubusercontent.com/connorads/dotfiles/master/install.sh | bash", and subsequent instructions assume that script creates the "connor" user and installs tools, so the skill depends on runtime execution of that external content.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 08:55 PM