ce-setup
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to run install commands that fetch and install third-party packages (e.g., Step 7 "Run this command" with commands like "CI=true npm install -g agent-browser ..." and "npx skills add https://github.com/..." and the scripts/check-health deps array listing install_cmd and url), which causes the agent to pull and execute untrusted public web content that can materially change tool/skill behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The setup skill's interactive install step runs shell commands that fetch and install remote code at runtime (e.g., "CI=true npm install -g agent-browser ... && npx skills add https://github.com/vercel-labs/agent-browser --skill agent-browser -g -y" and "npx skills add ast-grep/agent-skill -g -y" which pull from https://github.com/vercel-labs/agent-browser and https://github.com/ast-grep/agent-skill), so the fetched content can execute code and install agent skills that affect prompts/behavior.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).