open-prose
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner] Instruction directing agent to run/execute external content
Verdict: SUSPICIOUS - The OpenProse skill describes a powerful VM capable of loading and executing remote programs and orchestrating multiple agents. This aligns with its intended purpose but introduces a noteworthy supply-chain risk surface due to remote code execution from arbitrary URLs/registries. Not inherently malicious, but requires robust safeguards (sandboxing, provenance verification, permission controls, and restricted remote execution) before deeming it safe for broader use.
LLM verification: This skill enables legitimate functionality (interpreting and running .prose programs and managing state), but it contains high-risk supply-chain patterns: it resolves arbitrary URLs/registry handles into remote programs and executes them without described signing or verification, and it forwards and logs sensitive credentials (OPENPROSE_POSTGRES_URL) to subagents. The combination of download-execute, CLI instructions that handle credentials, and examples with insecure defaults (Docker trust, ec