install-stack-flagos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones and installs code from public, user-controlled sources (e.g., git clone ${GITHUB_PREFIX}/FlagOpen/FlagGems and ${GITHUB_PREFIX}/flagos-ai/FlagCX and pip installs from PyPI/FlagOS as shown in Step 3 and references/network-mirrors.md), so it fetches and executes untrusted third-party content that can materially influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Yes — the skill runtime clones and installs code from external repositories using ${GITHUB_PREFIX} (e.g. https://github.com/flagos-ai/FlagCX or the mirror https://ghfast.top/https://github.com/flagos-ai/FlagCX) and pulls packages from external PyPI (e.g. https://resource.flagos.net/repository/flagos-pypi-hosted/simple), which are fetched at runtime and built/installed (make, pip install), thus executing remote code.