opencron
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's install-system.js and install scripts explicitly fetch and execute public third‑party resources (e.g., execSync('curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash ...') and running 'curl ...raw.githubusercontent.com/.../install.sh' and 'npm install -g opencron-system'), so the agent runs and acts on external, untrusted web content (npm/HTTP scripts) as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). scripts/install-system.js executes remote install scripts at runtime (via curl | bash) from URLs such as https://deb.nodesource.com/setup_20.x and https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh, thereby fetching and running remote code as part of the skill's installation flow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). Flagged because the skill explicitly tells the agent/user to perform system-level installations and even suggests using sudo/administrator privileges (e.g., "sudo npm install -g") and to start/restart system/global services (PM2), which pushes the agent to obtain elevated privileges and modify the machine state.
Audit Metadata