shell-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's documentation and required task router explicitly instruct use of HTTP/networking functions that fetch and parse arbitrary web content (see SKILL.md Task Router → references/http-networking.md and the api_call_with_backoff / download_with_retry curl patterns), and the BATS installation section even clones from public GitHub — showing the agent will fetch and interpret untrusted public web/social content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly advises creating and managing systemd services and timers (e.g., "Create systemd service for a script", "Replace cron with systemd timer"), which involves modifying system service files and other system-level state that require elevated privileges and can change the machine state.