homebrew
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill invokes Homebrew commands (see the SKILL.md procedure and the scripts/brew.sh tool) that install packages, can "tap" third-party Homebrew repos, and run install scripts fetched from public sources (e.g., Homebrew repos, GitHub, raw.githubusercontent.com). Untrusted, user-provided web content is therefore fetched and executed as part of the workflow and could influence tool behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill instructs the agent to install and uninstall system software (and even run the Homebrew bootstrap script), which changes the machine's state and can alter system files or require elevated actions. It does not explicitly request privilege escalation, creation of users, or edits to sensitive system configs, so it is a moderate but not high-risk change.
Audit Metadata