hetzner-server

Fail

Audited by Snyk on Mar 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.75). The Hetzner console URL is legitimate, but the raw.githubusercontent.com link points to a directly executable install.sh (curl|bash pattern) in a personal repo. Piping a raw script from a user repo into a shell executes arbitrary commands and is therefore potentially dangerous without prior review.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly includes a user-data example that curls a public GitHub raw URL (https://raw.githubusercontent.com/connorads/dotfiles/master/install.sh) and pipes it into bash. This fetches and executes untrusted third-party code as part of the provisioning workflow, and that code can materially change the behavior, or the outputs, that the agent reads when monitoring setup.
Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 2, 2026, 07:39 PM