swain-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and executes public third-party content and incorporates it into agent workflows — e.g., it installs uv via curl (Phase 2.1), pulls pre-commit hooks from public GitHub repos (Phase 3.3), can install external skills with npx (Phase 4.3), and explicitly reads and appends AGENTS.content.md from installed skills (Phase 5.3) which can alter governance/routing and thus materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill, at runtime, runs a shell installer via "curl -LsSf https://astral.sh/uv/install.sh | sh", which fetches and executes remote code to install uv (a required runtime tool for swain scripts), so this URL is a high-confidence runtime code-execution dependency.