d6e-setup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs cloning and using the repository https://github.com/d6e-ai/d6e-setup.git (Step 1) and then running docker compose which pulls and runs remote container images from external registries, meaning remote code is fetched at runtime and executed by the deployment.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly instructs running sudo commands that modify system files (adding apt keyrings/sources, installing packages) and changes user groups (usermod), which are privileged operations that alter the machine's state.