cli-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Multiple installer and update scripts (e.g., scripts/installers/github_clone.sh, scripts/installers/github_release_binary.sh, scripts/install_composer.sh, scripts/installers/hashicorp_zip.sh, and scripts/auto_update.sh) explicitly curl/git-clone public GitHub releases and external URLs and then parse/install those artifacts at runtime, which are untrusted third‑party sources used to drive installation decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). Yes — installer scripts fetch and install remote executables at runtime (for example scripts/install_composer.sh uses curl to download and install https://getcomposer.org/download/latest-stable/composer.phar), which results in executing remote code fetched from external URLs.