devcontainer-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime/devcontainer startup commands (see NODE-SETUP.md and the docker-compose command in SECURITY-HARDENING.md) explicitly curl and execute an external script (curl -fsSL https://claude.ai/install.sh | bash), meaning it fetches and runs public third-party content at container start that can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime startup/command includes "curl -fsSL https://claude.ai/install.sh | bash", which fetches and immediately executes remote code (installing the claude CLI) and is used as a required runtime setup step, so this URL directly controls code executed at runtime.